snprintf() truncates --rundir in plutomain.c

[markdgray]

mkdir /tmp/ipsec.d && ipsec initnss --nssdir /tmp/ipsec.d
mkdir /tmp/somelongpathxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
sudo ipsec pluto  --nssdir /tmp/ipsec.d --rundir/tmp/somelongpathxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
ls -al /tmp/some*

This returns:

srwx------. 1 root   root  0 Mar 30 13:12 /tmp/somelongpathxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

/tmp/somelongpathxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
total 12

The socket is not placed in the directory and is named incorrectly.

Even more confusing is when the length of rundir is 107 (sizeof(ctl_addr.sun_path)) characters (which was my case)

mkdir /tmp/ipsec.d && ipsec initnss --nssdir /tmp/ipsec.d
mkdir 
/tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/
sudo ipsec pluto  --nssdir /tmp/ipsec.d --rundir /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/

This returns the following which is really confusing!

pluto: FATAL: unable to create lock file "/tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/" (21 Is a directory)

Both are due to the following line in which the return code of snprintf() is not checked for truncation:

libreswan/programs/pluto/plutomain.c

Line 1100 in d2b9fbf

if (snprintf(pluto_lock, sizeof(pluto_lock),

[letoams]

We will fix it. But did you really have a need for a path longer than SUN_PATH ?

…

Sent from my iPhone

On Mar 30, 2021, at 13:18, Mark Gray ***@***.***> wrote:  mkdir /tmp/ipsec.d && ipsec initnss --nssdir /tmp/ipsec.d mkdir /tmp/somelongpathxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ sudo ipsec pluto --nssdir /tmp/ipsec.d --rundir/tmp/somelongpathxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ ls -al /tmp/some* This returns: srwx------. 1 root root 0 Mar 30 13:12 /tmp/somelongpathxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx /tmp/somelongpathxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: total 12 The socket does is not placed in the directory. Even more confusing is when the length of rundir is 107 (sizeof(ctl_addr.sun_path)) characters (which was my case) mkdir /tmp/ipsec.d && ipsec initnss --nssdir /tmp/ipsec.d mkdir /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ sudo ipsec pluto --nssdir /tmp/ipsec.d --rundir /tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ This returns the following which is really confusing! pluto: FATAL: unable to create lock file "/tmp/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/" (21 Is a directory) Both are due to the following line in which the return code of snprintf() is not checked for truncation: https://github.com/libreswan/libreswan/blob/d2b9fbfae9761c440e3ce21576b7a0fe80f6a3fe/programs/pluto/plutomain.c#L1100 — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[markdgray]

It was in a test environment. This is low priority as we can work around it but I wanted to raise it.

[cagney]

I suspect ctl_addr.sun_path can be replaced by a simple string pointer and alloc_printf()