File 0006-strongswan-4.6.4-bnc-840826-recursion-limi... of Package strongswan.2174

Overview Repositories Revisions Requests Users Attributes Meta

File 0006-strongswan-4.6.4-bnc-840826-recursion-limit.patch of Package strongswan.2174

From e07204b6f051449ea9ca77e9e3a935ded3662220 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Wed, 30 Oct 2013 18:03:35 +0100
References: bnc#840826
Upstream: yes
Subject: [PATCH] strongswan-4.6.4 bnc#840826 recursion limit

Added a recursion limit to get_route in netlink plugin to avoid
a charon crash while trying to find a source address when local
left is set to %any.
---
 .../plugins/kernel_netlink/kernel_netlink_net.c    | 23 ++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index cce0ff4..743decf 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -58,6 +58,9 @@
 /** delay before firing roam events (ms) */
 #define ROAM_DELAY 100
 
+/** maximum recursion when searching for addresses in get_route() */
+#define MAX_ROUTE_RECURSION 2
+
 typedef struct addr_entry_t addr_entry_t;
 
 /**
@@ -852,7 +855,7 @@ static bool addr_in_subnet(chunk_t addr, chunk_t net, int net_len)
  * Get a route: If "nexthop", the nexthop is returned. source addr otherwise.
  */
 static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
-						 bool nexthop, host_t *candidate)
+						 bool nexthop, host_t *candidate, u_int recursion)
 {
 	netlink_buf_t request;
 	struct nlmsghdr *hdr, *out, *current;
@@ -863,7 +866,13 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
 	enumerator_t *enumerator;
 	host_t *src = NULL, *gtw = NULL;
 
-	DBG2(DBG_KNL, "getting address to reach %H", dest);
+	if (recursion > MAX_ROUTE_RECURSION)
+	{
+		return NULL;
+	}
+
+	DBG2(DBG_KNL, "getting %s to reach %H",
+			nexthop ? "nexthop" : "address", dest);
 
 	memset(&request, 0, sizeof(request));
 
@@ -891,7 +900,8 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
 
 	if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS)
 	{
-		DBG1(DBG_KNL, "getting address to %H failed", dest);
+		DBG1(DBG_KNL, "getting %s to reach %H failed",
+				nexthop ? "nexthop" : "address", dest);
 		return NULL;
 	}
 	this->mutex->lock(this->mutex);
@@ -1021,7 +1031,8 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
 				if (rta_gtw.ptr)
 				{	/* no source, but a gateway. Lookup source to reach gtw. */
 					new_gtw = host_create_from_chunk(msg->rtm_family, rta_gtw, 0);
-					new_src = get_route(this, new_gtw, FALSE, candidate);
+					new_src = get_route(this, new_gtw, FALSE, candidate,
+								recursion + 1);
 					new_gtw->destroy(new_gtw);
 					if (new_src)
 					{
@@ -1055,13 +1066,13 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
 METHOD(kernel_net_t, get_source_addr, host_t*,
 	private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
 {
-	return get_route(this, dest, FALSE, src);
+	return get_route(this, dest, FALSE, src, 0);
 }
 
 METHOD(kernel_net_t, get_nexthop, host_t*,
 	private_kernel_netlink_net_t *this, host_t *dest)
 {
-	return get_route(this, dest, TRUE, NULL);
+	return get_route(this, dest, TRUE, NULL, 0);
 }
 
 /**
-- 
1.8.4

Places

File 0006-strongswan-4.6.4-bnc-840826-recursion-limit.patch of Package strongswan.2174

Places