[Swan] [philippe at victor libreswan]$ git commit -m "EOF at EOL condition; even better fix. Was SIGSEGV'ing" ./lib/libipsecconf/parser.l

Philippe Vouters philippe.vouters at laposte.net
Wed Jan 9 00:18:17 EET 2013


Dear everyone,

What should be an even better fix to the parser.l issue is the following:

<<EOF>> {
         if(parser_y_eof()) {
             yyterminate();
         } else if (ic_private.stack_ptr > 0 && stacktop->file != NULL) {
             fprintf(stderr,"ERROR: EOF at EOL condition found in %s\n",
                     stacktop->fileglob.gl_pathv[stacktop->fileglobcnt]);
             yyterminate();
         }
}
You should commit this change.

Untested: one could probably set ic_private.stack_ptr >= 0 instead of 
ic_private.stack_ptr > 0 above to detect an EOF at EOL condition inside 
/etc/ipsec.conf.

The previous commit was SIGSEGV'ing on the following configuration:

[philippe at victor C]$ sudo cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification
config setup
    # Debug-logging controls:  "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="none"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    klipsdebug=none
    plutodebug=controlmore
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:!192.168.1.0/24,%v4:192.168.0.0/16
    oe=no
#   strictcrlpolicy=yes
#   crlcheckinterval=60
    interfaces=%defaultroute
#   overridemtu=1500

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
include /etc/ipsec.d/vouters.conf.xl2tpd
[philippe at victor C]$

because stacktop was an invalid pointer at EOF of /etc/ipsec.conf.

My changes are all based on the reading of the code inside routines
1/ parser_y_nextglobfile
2/ parser_y_eof
3/ Openswan 2.6.38 EOF code.
inside parser.l

I have been trying to respect the reason for the change to the initial 
Libreswan code suppressing this sequence:
         if(parser_y_eof()) {
             yyterminate();
         }
which caused a premature parser end on
include /etc/ipsec.d/*.conf
or several includes of different configuration files.

-- 
Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org
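
The crash described in this message comes from reading the top of the include stack after the last file has reached EOF. The following C model is an added illustration, not code from libreswan or from the author: it checks the stack depth before every access and handles files whose last line has no trailing newline. The struct, the function names and the two sample files are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#define MAX_DEPTH 4
/* Hypothetical model of an include stack; not libreswan's own structures. */
struct src { const char *text; size_t pos; };
static struct src stack[MAX_DEPTH];
static int depth;                 /* number of open sources; 0 = stack empty */

/* Constructed sample files; neither ends with a newline (EOF at end of line). */
static const struct { const char *name, *text; } files[] = {
    { "main.conf",  "config setup\n# comment\ninclude extra.conf" },
    { "extra.conf", "conn a\nconn b" },
};

static int push(const char *name) {
    if (depth >= MAX_DEPTH) return -1;           /* include nesting too deep */
    for (size_t i = 0; i < sizeof files / sizeof files[0]; i++)
        if (strcmp(files[i].name, name) == 0) {
            stack[depth++] = (struct src){ files[i].text, 0 };
            return 0;
        }
    return -1;                                   /* no such file */
}

/* Copy the next line of the top source into buf; 0 at EOF. Needs depth > 0. */
static int next_line(char *buf, size_t n) {
    struct src *s = &stack[depth - 1];
    if (s->text[s->pos] == '\0') return 0;
    size_t len = strcspn(s->text + s->pos, "\n");
    snprintf(buf, n, "%.*s", (int)len, s->text + s->pos);
    s->pos += len + (s->text[s->pos + len] == '\n');  /* last line: no '\n' */
    return 1;
}

/* Number of statement lines reachable from root, or -1 on a bad include. */
int count_statements(const char *root) {
    char line[128];
    int count = 0;
    depth = 0;
    if (push(root) != 0) return -1;
    while (depth > 0) {           /* the top entry is only read while depth > 0 */
        if (!next_line(line, sizeof line)) { depth--; continue; }  /* EOF: pop */
        if (strncmp(line, "include ", 8) == 0) {
            if (push(line + 8) != 0) return -1;
        } else if (line[0] != '#' && line[0] != '\0') count++;
    }
    return count;
}

int main(void) { printf("%d\n", count_statements("main.conf")); return 0; }
```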


