-
Notifications
You must be signed in to change notification settings - Fork 220
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
snprintf() truncates --rundir in plutomain.c #428
Comments
We will fix it. But did you really have a need for a path longer than SUN_PATH ?
…Sent from my iPhone
On Mar 30, 2021, at 13:18, Mark Gray ***@***.***> wrote:
mkdir /tmp/ipsec.d && ipsec initnss --nssdir /tmp/ipsec.d
mkdir /tmp/somelongpathxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
sudo ipsec pluto --nssdir /tmp/ipsec.d --rundir/tmp/somelongpathxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
ls -al /tmp/some*
This returns:
srwx------. 1 root root 0 Mar 30 13:12 /tmp/somelongpathxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
/tmp/somelongpathxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
total 12
The socket does is not placed in the directory.
Even more confusing is when the length of rundir is 107 (sizeof(ctl_addr.sun_path)) characters (which was my case)
mkdir /tmp/ipsec.d && ipsec initnss --nssdir /tmp/ipsec.d
mkdir
/tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
sudo ipsec pluto --nssdir /tmp/ipsec.d --rundir /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
This returns the following which is really confusing!
pluto: FATAL: unable to create lock file "/tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/" (21 Is a directory)
Both are due to the following line in which the return code of snprintf() is not checked for truncation: https://github.com/libreswan/libreswan/blob/d2b9fbfae9761c440e3ce21576b7a0fe80f6a3fe/programs/pluto/plutomain.c#L1100
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
It was in a test environment. This is low priority as we can work around it but I wanted to raise it. |
I suspect ctl_addr.sun_path can be replaced by a simple string pointer and alloc_printf() |
Rishabh-Kumar-07
pushed a commit
to Rishabh-Kumar-07/libreswan
that referenced
this issue
Aug 20, 2021
Rishabh-Kumar-07
pushed a commit
to Rishabh-Kumar-07/libreswan
that referenced
this issue
Aug 21, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This returns:
The socket is not placed in the directory and is named incorrectly.
Even more confusing is when the length of rundir is 107 (sizeof(ctl_addr.sun_path)) characters (which was my case)
This returns the following which is really confusing!
Both are due to the following line in which the return code of snprintf() is not checked for truncation:
libreswan/programs/pluto/plutomain.c
Line 1100 in d2b9fbf
The text was updated successfully, but these errors were encountered: