[Swan-dev] crash during testing xauth (1) when trying to retransmit

Antony Antony antony at phenome.org
Sun Oct 1 09:03:18 UTC 2017


On Sat, Sep 30, 2017 at 08:18:03PM -0400, D. Hugh Redelmeier wrote:
> Sadly this is old news -- I've been isolated due to cable problems and 
> other commitments.
> 
> The last commit on the tree I'm working from is Tuomo's 
> 18f05093e718b803480be2dd94c24eef8d7b6f69
> 2017-09-28 12:39:50
> 
> I'm testing some changes that I don't think cause this crash.  I probably 
> won't check them in until the crash is fixed (just in case).
> 
> testing/pluto/xauth-pluto-08 failed east:CORE,output-different road:output-different
> 
> Core was generated by `/usr/local/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofo'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  libreswan_DBG_dump (label=label@entry=0x0, p=p@entry=0x0, len=len@entry=436) at /source/lib/libswan/libreswan_DBG_dump.c:71
> 71                                      *bp++ = hexdig[(*cp >> 4) & 0xF];
> #0  libreswan_DBG_dump (label=label@entry=0x0, p=p@entry=0x0, len=len@entry=436) at /source/lib/libswan/libreswan_DBG_dump.c:71
> #1  0x00007fa60d10e28d in send_packet (st=st@entry=0x7fa60edfb618, where=where@entry=0x7fa60d199abb "EVENT_v1_RETRANSMIT", just_a_keepalive=just_a_keepalive@entry=false, aptr=<optimized out>, alen=alen@entry=436, bptr=bptr@entry=0x0, blen=0) at /source/programs/pluto/server.c:1337
> #2  0x00007fa60d10e6c1 in send_or_resend_ike_msg (st=st@entry=0x7fa60edfb618, where=where@entry=0x7fa60d199abb "EVENT_v1_RETRANSMIT", resending=resending@entry=true) at /source/programs/pluto/server.c:1571
> #3  0x00007fa60d10eab2 in resend_ike_v1_msg (st=st@entry=0x7fa60edfb618, where=where@entry=0x7fa60d199abb "EVENT_v1_RETRANSMIT") at /source/programs/pluto/server.c:1617
> #4  0x00007fa60d1110f3 in retransmit_v1_msg (st=0x7fa60edfb618) at /source/programs/pluto/timer.c:166
> #5  timer_event_cb (fd=<optimized out>, event=<optimized out>, arg=<optimized out>) at /source/programs/pluto/timer.c:723
> #6  0x00007fa60ae7f3cc in event_process_active_single_queue (activeq=0x7fa60edeae10, base=0x7fa60edea9f0) at event.c:1350
> #7  event_process_active (base=<optimized out>) at event.c:1420
> #8  event_base_loop (base=0x7fa60edea9f0, flags=flags@entry=0) at event.c:1621
> #9  0x00007fa60d10d73d in main_loop () at /source/programs/pluto/server.c:813
> #10 call_server () at /source/programs/pluto/server.c:946
> #11 0x00007fa60d0d90d6 in main (argc=<optimized out>, argv=<optimized out>) at /source/programs/pluto/plutomain.c:1812
> 
> 
> Partial analysis:
> 
> Pluto is trying to resend a packet.  That packet is supposed to be in
> st_tpacket.  But st_tpacket.ptr is NULL.  Oops.
> 
> I seem to remember that retransmission logic is different in xauth
> from the rest of IKEv1 code.
> 
> Who is going to look into this one?

I looked into it yesterday. And I just pushed a change and continue
testing.

In the testing it seemed to happen intermittently when the client fails to
get the user password and the responder has to retransmit the last message. To
reproduce it consistently, add --impair-send-no-xauth-r0 on the responder.

> I'm freezing my test system, at least for now, so that further
> investigation can be done. 

