File 0006-strongswan-4.6.4-bnc-840826-recursion-limit.patch of Package strongswan
From e07204b6f051449ea9ca77e9e3a935ded3662220 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski <mt@suse.de>
Date: Wed, 30 Oct 2013 18:03:35 +0100
References: bnc#840826
Upstream: yes
Subject: [PATCH] strongswan-4.6.4 bnc#840826 recursion limit
Added a recursion limit to get_route in netlink plugin to avoid
a charon crash while trying to find a source address when local
left is set to %any.
--- strongswan-4.3.4/src/charon/plugins/kernel_netlink/kernel_netlink_net.c.orig 2013-11-20 16:21:12.557324278 +0100
+++ strongswan-4.3.4/src/charon/plugins/kernel_netlink/kernel_netlink_net.c 2013-11-20 16:24:35.701170439 +0100
@@ -43,6 +43,9 @@
#define IPSEC_ROUTING_TABLE_PRIO 100
#endif
+/** maximum recursion when searching for addresses in get_route() */
+#define MAX_ROUTE_RECURSION 2
+
typedef struct addr_entry_t addr_entry_t;
/**
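Review bot: The comment on `MAX_ROUTE_RECURSION` does not say what the value counts, and the guard later in this patch is `recursion > MAX_ROUTE_RECURSION` with the public callers starting at 0. Under that test a value of 2 allows the top-level lookup plus two nested ones, which is easy to misread as "two calls in total". I would spell it out, e.g. `/** maximum nesting depth of get_route(); the top-level call is depth 0, so at most MAX_ROUTE_RECURSION nested lookups are made */`.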
@@ -762,7 +765,7 @@
* Get a route: If "nexthop", the nexthop is returned. source addr otherwise.
*/
static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
- bool nexthop, host_t *candidate)
+ bool nexthop, host_t *candidate, u_int recursion)
{
netlink_buf_t request;
struct nlmsghdr *hdr, *out, *current;
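Review bot: None of the hunks shown here passes `recursion + 1` to a nested `get_route()` call; only `get_source_addr()` and `get_nexthop()` are updated, and both pass 0. The commit message implies that get_route re-enters itself while looking for a source address, so that inner call site has to be changed as well, to something like `get_route(this, <dest>, FALSE, candidate, recursion + 1)`. Otherwise the limit can never trigger and the crash it is meant to prevent stays reachable; a leftover four-argument call would also fail to compile against the new signature. The body of get_route continues outside this hunk, so please confirm against the full file (the paths name strongswan-4.3.4 while the subject names 4.6.4). The doc comment above the function should also gain a line for the new parameter, e.g. `@param recursion current nesting depth, 0 for external callers`.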
@@ -772,7 +775,13 @@
int best = -1;
host_t *src = NULL, *gtw = NULL;
- DBG2(DBG_KNL, "getting address to reach %H", dest);
+ if (recursion > MAX_ROUTE_RECURSION)
+ {
+ return NULL;
+ }
+
+ DBG2(DBG_KNL, "getting %s to reach %H",
+ nexthop ? "nexthop" : "address", dest);
memset(&request, 0, sizeof(request));
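Review bot: The new guard at the top of get_route returns NULL without logging anything, so hitting the recursion limit looks the same to an operator as an ordinary "no route" result. Since this limit exists to stop a daemon crash, it is worth a DBG1 line before the return, for example `DBG1(DBG_KNL, "route lookup for %H exceeded recursion limit", dest);`, so that a routing configuration that triggers it shows up in the logs. Placing the check before the `memset` and before the mutex is taken further down is good, as nothing needs to be released on this path. The function body continues outside the hunk.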
@@ -794,7 +803,8 @@
if (this->socket->send(this->socket, hdr, &out, &len) != SUCCESS)
{
- DBG1(DBG_KNL, "getting address to %H failed", dest);
+ DBG1(DBG_KNL, "getting %s to reach %H failed",
+ nexthop ? "nexthop" : "address", dest);
return NULL;
}
this->mutex->lock(this->mutex);
@@ -933,7 +943,7 @@
static host_t* get_source_addr(private_kernel_netlink_net_t *this,
host_t *dest, host_t *src)
{
- return get_route(this, dest, FALSE, src);
+ return get_route(this, dest, FALSE, src, 0);
}
/**
@@ -941,7 +951,7 @@
*/
static host_t* get_nexthop(private_kernel_netlink_net_t *this, host_t *dest)
{
- return get_route(this, dest, TRUE, NULL);
+ return get_route(this, dest, TRUE, NULL, 0);
}
/**