[Swan-dev] Electric Fence

D. Hugh Redelmeier hugh at mimosa.com
Mon Jan 15 17:16:27 UTC 2018

Top posting just for context.

This sounds like the kind of thing that efence would catch.

I think that efence would not significantly increase the runtime of our 
test suit (this needs to be verified).  It would significantly improve the 
chance of catching errors like this.

It is true that we had a pool of unused mds to reduce the pressure on 
malloc.  That would mean that efence would be ineffective for most mds. 
I think that Andrew removed this pool.  In any case, there was a 
compile-time flag to remove it.

Recommendation: enable efence in test suite.

| From: Andrew Cagney <cagney at vault.libreswan.fi>
| To: swan-commit at lists.libreswan.org
| New commits:
| commit 52138cfdf3e6b2c386833e45117895c7cf4f2109
| Author: Andrew Cagney <cagney at gnu.org>
| Date:   Mon Jan 15 10:51:25 2018 -0500
|     ikev2: add debug-log to show a use-after-free
|     If the initial initator receives an MD containing INVALID_KE
|     it deletes the MD, and then kicks of a new KE calculation
|     passing that a fake-md.
|     Problem is in complete_v2_state_transition() which gets passed
|     a reference to the original, and now deleted MD and then tries
|     to use that to find ST.  Just by luck, the fake_md, gets allocated
|     the same location as the deleted MD.

More information about the Swan-dev mailing list