[strongSwan-dev] Potential bug with unaligned keys in kernel_netlink plugin
Владимир Подобаев
vpodobaev at mail.ru
Wed Mar 2 07:57:33 CET 2011
Hello.
In file kernel_netlink_ipsec.c you use the construct:
hdr->nlmsg_len += rthdr->rta_len;
It works ok, when key data is aligned to 4 (this is the normal case). But if some payload data (for example, a key) is not multiple of 4 - there will be a mismatch between nlmsg_len and the actual size of the xfrm message. Because XFRM_RTA_NEXT performs alignment, but RTA_LENGTH does not.
We made workaround for our needs by changing to:
hdr->nlmsg_len += RTA_ALIGN(rthdr->rta_len);
If this patch is ok and it does not break anything else - please, apply it to your code.
Best regards, Vladimir
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20110302/c3567c19/attachment.html>
More information about the Dev
mailing list