From: Bin Li <lib...@gm...> - 2009-04-17 09:38:04
|
On Fri, Apr 17, 2009 at 5:02 PM, VANHULLEBUS Yvan <va...@fr...> wrote: > On Fri, Apr 17, 2009 at 04:03:26PM +0800, Bin Li wrote: > [...] >> It's the ipsec-tools bug. It's caused when not use the memory >> correctly with malloc, when the memory was freed it crash. >> I write a patch for it, now it works fine. > > I had a very quick look at HEAD's code, where your patch doesn't apply > directly, and I guess the real fix is the one I attached to this mail. > > As I quite never had a look at racoonctl before, could someone else > check it and confirm before I commit ? > Thanks, I met this issue in 0.7.1, so the patch fixed in this version. And I try your patch in ipsec-tools-0.8-alpha20090126, it don't crush, but the racoon prompt 2009-04-17 17:28:07: ERROR: malformed message (login too long) When I change - buf = make_request(ADMIN_LOGOUT_USER, 0, LOGINLEN); + buf = make_request(ADMIN_LOGOUT_USER, 0, strlen(user)); if (buf == NULL) return NULL; - strncpy(buf->v + sizeof(struct admin_com), user, LOGINLEN); + strncpy(buf->v + sizeof(struct admin_com), user, strlen(user)); Then the racoon prompt: 2009-04-17 17:37:09: INFO: deleted 0 SA for user "loginl" It looks fine. > Yvan. > |