[strongSwan] bufferoverflow in current git version with non ipv6 kernel

Tobias Brunner tobias at strongswan.org
Fri Jun 14 17:34:09 CEST 2013

Hi Gerald,

> The reason is that ipv6_natt is 0 instead of -1 (default has changed
> recently).

Thanks for the report.  Fixed with [1].

> In addition I get another buffer overflow message, which seems to 
> happen inside of socket_default_socket.c in METHOD(socket_t, sender. 
> As soon as I compile with –O0 everything is fine, so this might be a 
> compiler bug (gcc is 4.5.4), but in case anyone has an idea how to 
> really fix it, please let me know

I was able to reproduce this, but in my case it happened in receiver()
not sender().  The problem there was that apparently FD_ISSET has
problems if the given FD is negative.  Fix can be found at [2].


[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=18898377
[2] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=c6f1929a

More information about the Users mailing list