[Swan] [philippe at victor libreswan]$ git commit -m "EOF at EOL condition; even better fix. Was SIGSEGV'ing" ./lib/libipsecconf/parser.l
Philippe Vouters
philippe.vouters at laposte.net
Wed Jan 9 00:18:17 EET 2013
Dear everyone,
What should be an even better fix to the parser.l issue is the following:
<<EOF>> {
if(parser_y_eof()) {
yyterminate();
} else if (ic_private.stack_ptr > 0 && stacktop->file != NULL) {
fprintf(stderr,"ERROR: EOF at EOL condition found in %s\n",
stacktop->fileglob.gl_pathv[stacktop->fileglobcnt]);
yyterminate();
}
}
You should commit this change.
Untested : one could probably set ic_private.stack_ptr >= 0 instead of
ic_private.stack_ptr > 0 above to detect an EOF at EOL condition inside
/etc/ipsec.conf.
The previous commit was SIGSEGV'ing on the following configuration:
[philippe at victor C]$ sudo cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="none"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
klipsdebug=none
plutodebug=controlmore
protostack=netkey
nat_traversal=yes
virtual_private=%v4:!192.168.1.0/24,%v4:192.168.0.0/16
oe=no
# strictcrlpolicy=yes
# crlcheckinterval=60
interfaces=%defaultroute
# overridemtu=1500
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and
uncomment this.
include /etc/ipsec.d/vouters.conf.xl2tpd
[philippe at victor C]$
because stacktop was an invalid pointer at EOF of /etc/ipsec.conf.
My changes are all based onto the reading of the code inside routines
1/ parser_y_nextglobfile
2/ parser_y_eof
3/ Openswan 2.6.38 EOF code.
inside parser.l
I have been trying to respect the reason for the change to the initial
Libreswan code suppressing this sequence:
if(parser_y_eof()) {
yyterminate();
}
which caused a premature parser end on
include /etc/ipsec.d/*.conf
or several include of different configuration files.
--
Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org
More information about the Swan
mailing list