Bug 747852 - Missing else keyword (openswan)
Summary: Missing else keyword (openswan)
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openswan
Version: 5.8
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Paul Wouters
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 747966 1049888
TreeView+ depends on / blocked
 
Reported: 2011-10-21 06:52 UTC by Pavel Raiskup
Modified: 2014-04-22 21:08 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 747966 (view as bug list)
Environment:
Last Closed: 2014-04-22 21:08:02 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Pavel Raiskup 2011-10-21 06:52:36 UTC 
=> openswan-2.6.32/programs/pluto/ike_alg.c:87

when ike_alg_get_encrypter returns NULL (line 82) there is NULL dereference
on 87 when asking for enc_desc->keyminlen.

There is probably else keyword missing on line 87 (else-if statement).

a) if ike_alg_get_encrypter fails on line 82
b) enc_desc is dereferenced on line 87.

This problem was newly found in RHEL 5.8 by Coverity difference scan on RHEL packages 5.7 → 5.8.

version: openswan-2.6.32
Comment 1 Avesh Agarwal 2011-10-21 13:54:23 UTC 
I looked at the code, and that seems like a false alarm. As the code checks for enc_desc is null or not before dereferencing it and return false.  So this seems like a not a bug.
Comment 2 Steve Grubb 2011-10-21 14:18:51 UTC 
Avesh, there is a bug there

        enc_desc = ike_alg_get_encrypter(ealg);

suppose this is NULL
        if (!enc_desc) {

It goes in here
                /* failure: encrypt algo must be present */
                snprintf(ugh_buf, ugh_buf_len, "encrypt algo not found");
                ret = FALSE;
it does not return, so it hits the next line
        } if ((key_len) && ((key_len < enc_desc->keyminlen)

segfaults here because it probably should be else if so that it skips over this block
Comment 3 Avesh Agarwal 2011-10-21 14:24:29 UTC 
Steve you are right, I mislooked it thinking ret=false is a return statement. i think that needs to be corrected.
Comment 6 Avesh Agarwal 2011-10-21 17:07:42 UTC 
This is cloned to bz 747966 for 6.2.
Comment 7 Paul Wouters 2011-10-23 04:34:04 UTC 
Fix commited, will be in openswan 2.6.37
Comment 8 Paul Wouters 2011-10-24 01:21:50 UTC 
note that ike_alg_get_encrypter() never returns NULL though...
Comment 11 RHEL Program Management 2012-04-19 11:51:27 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 13 Avesh Agarwal 2013-01-10 16:04:30 UTC 
This is already fixed as part of released openswan version in 5.9, so closing this.
Comment 14 Paul Wouters 2013-05-19 18:15:40 UTC 
Re-opening for rhel-5.10.0 as it has not yet been fixed in 5.9 despite comment #13 claiming so.
Comment 16 RHEL Program Management 2014-01-22 16:34:32 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Note You need to log in before you can comment on or make changes to this bug.