[Swan-dev] [libreswan/libreswan] Libreswan 3.23 segfault (#169) (fwd)

Paul Wouters paul at nohats.ca
Mon May 28 15:37:58 UTC 2018



---------- Forwarded message ----------
Date: Mon, 28 May 2018 05:33:16
From: csszep <notifications at github.com>
Cc: "Paul Wouters (libreswan)" <paul at cypherpunks.ca>,
     Comment <comment at noreply.github.com>
To: libreswan/libreswan <libreswan at noreply.github.com>
Subject: Re: [libreswan/libreswan] Libreswan 3.23 segfault (#169)


Hi!

Another crash today.

Better log than I sent earlier:

It seems the crash happens if openswan tries to delete a bogus SPI (bogusst = 0x0 in find_phase2_state_to_delete)

2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1170: received Delete SA payload: replace IPSEC State #1173 now
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1170: warning: Delete SA payload: PROTO_IPSEC_ESP SA(0xb03ed3f4) is our own SPI (bogus implementation) - deleting anyway
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1170: received Delete SA payload: already replacing IPSEC State #1173 in 0 seconds
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1170: received and ignored empty informational notification payload
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1173: deleting state (STATE_QUICK_R2) and sending notification
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1173: ESP traffic information: in=2KB out=80B
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1170: received Delete SA payload: self-deleting ISAKMP State #1170
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1170: deleting state (STATE_MAIN_I4) and sending notification
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1170: reschedule pending Phase 2 of connection"customer1" state #1191: - the parent is going away
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1170: reschedule pending Phase 2 of connection"customer1" state #1185: - the parent is going away
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: packet from 5.6.7.8:500: received and ignored empty informational notification payload
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: packet from 5.6.7.8:500: ignoring unknown Vendor ID payload [5b362bc820f60007]
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1192: responding to Main Mode
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1192: STATE_MAIN_R1: sent MR1, expecting MI2
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1193: initiating Main Mode
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1191: deleting state (STATE_QUICK_I1)
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1185: deleting state (STATE_QUICK_I1)
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: packet from 5.6.7.8:500: received and ignored informational message
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: packet from 5.6.7.8:500: received and ignored informational message
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1192: STATE_MAIN_R2: sent MR2, expecting MI3
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1193: ignoring unknown Vendor ID payload [5b362bc820f60007]
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1193: STATE_MAIN_I2: sent MI2, expecting MR2
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1192: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: | ISAKMP Notification Payload
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: | 00 00 00 1c 00 00 00 01 01 10 60 02
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1192: Peer ID is ID_IPV4_ADDR: '5.6.7.8'
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1192: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=3des_cbc_192 integ=sha group=MODP1024}
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1193: STATE_MAIN_I3: sent MI3, expecting MR3
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1192: the peer proposed: 1.2.3.4/32:0/0 -> 5.6.7.8/32:0/0
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1194: responding to Quick Mode proposal {msgid:0f87a4be}
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1194: us: 1.2.3.4/32===1.2.3.4<1.2.3.4>
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1194: them: 5.6.7.8<5.6.7.8>===5.6.7.8/32
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1194: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0xcb10750e <0xb03ed3ff xfrm=3DES_CBC_0-HMAC_SHA1_96 NATOA=none NATD=none DPD=active}
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1193: Peer ID is ID_IPV4_ADDR: '5.6.7.8'
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1193: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=3des_cbc_192 integ=sha group=MODP1024}
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1194: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xcb10750e <0xb03ed3ff xfrm=3DES_CBC_0-HMAC_SHA1_96 NATOA=none NATD=none DPD=active}
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1195: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x3d30750e <0xb03ed400 xfrm=3DES_CBC_0-HMAC_SHA1_96 NATOA=none NATD=none DPD=active}
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1193: received Delete SA payload: replace IPSEC State #1195 now
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1193: warning: Delete SA payload: PROTO_IPSEC_ESP SA(0xb03ed400) is our own SPI (bogus implementation) - deleting anyway
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1193: received Delete SA payload: already replacing IPSEC State #1195 in 0 seconds
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1193: received and ignored empty informational notification payload
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1195: deleting state (STATE_QUICK_I2) and sending notification
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1195: ESP traffic information: in=0B out=0B
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1193: received Delete SA(0xcb10750e) payload: deleting IPSEC State #1194
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1194: deleting other state #1194 (STATE_QUICK_R2) and sending notification
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1194: ESP traffic information: in=0B out=0B
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1196: deleting state (STATE_QUICK_I1)
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #888: deleting state (STATE_QUICK_R2) and sending notification
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #888: ESP traffic information: in=10KB out=274KB
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1193: deleting state (STATE_MAIN_I4) and sending notification
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1192: deleting state (STATE_MAIN_R3) and sending notification
2018-05-28T09:41:44+02:00 firewall1 kernel: [45624349.483228] pluto[14190] general protection ip:7f6906886dcb sp:7fff5538de50 error:0 in pluto[7f690682e000+13e000]
2018-05-28T09:41:44+02:00 firewall1 logger: file core_pluto_pid_14190_killed_with_11 created
2018-05-28T09:41:44+02:00 firewall1 logger: file /var/crash/core_pluto_pid_15178_killed_with_11.gz deleted
2018-05-28T09:41:44+02:00 firewall1 ipsec__plutorun: !pluto failure!: exited with error status 139 (signal 11)
2018-05-28T09:41:44+02:00 firewall1 ipsec__plutorun: restarting IPsec after pause...

BT:

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f6906886dcb in find_phase2_state_to_delete (p1st=p1st@entry=0x7f6908974fc0, protoid=3 '\003', spi=4292034224, bogus=bogus@entry=0x7fff5538defb) at /root/libreswan-3.23/programs/pluto/state.c:1793
1793 FOR_EACH_COOKIED_STATE(st, {
(gdb) bt
#0 0x00007f6906886dcb in find_phase2_state_to_delete (p1st=p1st@entry=0x7f6908974fc0, protoid=3 '\003', spi=4292034224, bogus=bogus@entry=0x7fff5538defb) at /root/libreswan-3.23/programs/pluto/state.c:1793
#1 0x00007f690689dfa5 in accept_delete (md=md@entry=0x7f6908200560, p=p@entry=0x7f6908200718) at /root/libreswan-3.23/programs/pluto/ikev1_main.c:2611
#2 0x00007f6906897b34 in process_packet_tail (mdp=mdp@entry=0x7fff5538e198) at /root/libreswan-3.23/programs/pluto/ikev1.c:2192
#3 0x00007f6906898379 in process_v1_packet (mdp=mdp@entry=0x7fff5538e198) at /root/libreswan-3.23/programs/pluto/ikev1.c:1728
#4 0x00007f69068cdcfb in process_packet (mdp=mdp@entry=0x7fff5538e198) at /root/libreswan-3.23/programs/pluto/demux.c:164
#5 0x00007f69068ce1eb in comm_handle (ifp=) at /root/libreswan-3.23/programs/pluto/demux.c:374
#6 comm_handle_cb (fd=, event=, arg=) at /root/libreswan-3.23/programs/pluto/demux.c:195
#7 0x00007f6904a70f24 in event_base_loop () from /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5
#8 0x00007f690688cc49 in call_server () at /root/libreswan-3.23/programs/pluto/server.c:1121
#9 0x00007f6906853c4f in main (argc=, argv=) at /root/libreswan-3.23/programs/pluto/plutomain.c:1749

BT full:

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f6906886dcb in find_phase2_state_to_delete (p1st=p1st@entry=0x7f6908974fc0, protoid=3 '\003', spi=4292034224, bogus=bogus@entry=0x7fff5538defb) at /root/libreswan-3.23/programs/pluto/state.c:1793
1793 FOR_EACH_COOKIED_STATE(st, {
(gdb) bt full
#0 0x00007f6906886dcb in find_phase2_state_to_delete (p1st=p1st@entry=0x7f6908974fc0, protoid=3 '\003', spi=4292034224, bogus=bogus@entry=0x7fff5538defb) at /root/libreswan-3.23/programs/pluto/state.c:1793
c = 0x7f6908105c50
stentry = 0x7f69087dae28
st = 0x7f69082f52c0
p1c = 0xfbfbfbfbfbfbfbfb
bogusst = 0x0
#1 0x00007f690689dfa5 in accept_delete (md=md@entry=0x7f6908200560, p=p@entry=0x7f6908200718) at /root/libreswan-3.23/programs/pluto/ikev1_main.c:2611
spi = 4292034224
bogus = false
dst =
st = 0x7f6908974fc0
d =
sizespi =
i = 1
self_delete = false
func = "accept_delete"
#2 0x00007f6906897b34 in process_packet_tail (mdp=mdp@entry=0x7fff5538e198) at /root/libreswan-3.23/programs/pluto/ikev1.c:2192
p = 0x7f6908200718
md = 0x7f6908200560
st = 0x7f6908974fc0
from_state = STATE_INFO_PROTECTED
smc = 0x7f6906b74030 <v1_state_microcode_table+1392>
new_iv_set =
self_delete = false
func = "process_packet_tail"
#3 0x00007f6906898379 in process_v1_packet (mdp=mdp@entry=0x7fff5538e198) at /root/libreswan-3.23/programs/pluto/ikev1.c:1728
md = 0x7f6908200560
smc = 0x7f6906b74030 <v1_state_microcode_table+1392>
new_iv_set = true
st = 0x7f6908974fc0
from_state = STATE_INFO_PROTECTED
func = "process_v1_packet"
fs =
FUNCTION = "process_v1_packet"
#4 0x00007f69068cdcfb in process_packet (mdp=mdp@entry=0x7fff5538e198) at /root/libreswan-3.23/programs/pluto/demux.c:164
md =
vmaj =
vmin =
#5 0x00007f69068ce1eb in comm_handle (ifp=) at /root/libreswan-3.23/programs/pluto/demux.c:374
old_from = {u = {v4 = {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, v6 = {sin6_family = 0,
sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__in6_u = {
__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}}
md = 0x7f6908200560
#6 comm_handle_cb (fd=, event=, arg=) at /root/libreswan-3.23/programs/pluto/demux.c:195
No locals.
#7 0x00007f6904a70f24 in event_base_loop () from /usr/lib/x86_64-linux-gnu/libevent-2.0.so.5
No symbol table info available.
#8 0x00007f690688cc49 in call_server () at /root/libreswan-3.23/programs/pluto/server.c:1121
r =
func = "call_server"
#9 0x00007f6906853c4f in main (argc=, argv=) at /root/libreswan-3.23/programs/pluto/plutomain.c:1749
log_to_stderr_desired =
log_to_file_desired = false
virtual_private = 0x0
func = "main"
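
A log-triage sketch for the pattern in this report, added here as an example (it is not part of the original message or of libreswan): it pairs each kernel-reported pluto fault with the "is our own SPI" Delete SA warnings that the same pid logged shortly before. The name `correlate`, the regexes and the 30-second window are assumptions; the sample lines are copied from the log above with the wrapped lines rejoined.

```python
import re
from datetime import datetime, timedelta

# Syslog framing used in the report: ISO timestamp, host, program[pid]: message
LINE = re.compile(r'^(\S+) (\S+) ([\w.-]+)(?:\[(\d+)\])?: (.*)$')
OWN_SPI = re.compile(r'"([^"]+)" #(\d+): warning: Delete SA payload: '
                     r'(\S+) SA\((0x[0-9a-f]+)\) is our own SPI')
FAULT = re.compile(r'pluto\[(\d+)\]:? (general protection|segfault)')

# Lines copied from the log above, with the archive's line wraps rejoined.
SAMPLE = """\
2018-05-28T09:41:40+02:00 firewall1 pluto[14190]: "customer1" #1170: warning: Delete SA payload: PROTO_IPSEC_ESP SA(0xb03ed3f4) is our own SPI (bogus implementation) - deleting anyway
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1193: warning: Delete SA payload: PROTO_IPSEC_ESP SA(0xb03ed400) is our own SPI (bogus implementation) - deleting anyway
2018-05-28T09:41:44+02:00 firewall1 pluto[14190]: "customer1" #1193: deleting state (STATE_MAIN_I4) and sending notification
2018-05-28T09:41:44+02:00 firewall1 kernel: [45624349.483228] pluto[14190] general protection ip:7f6906886dcb sp:7fff5538de50 error:0 in pluto[7f690682e000+13e000]
2018-05-28T09:41:44+02:00 firewall1 ipsec__plutorun: !pluto failure!: exited with error status 139 (signal 11)
"""

def correlate(lines, window=timedelta(seconds=30)):
    """Return one record per pluto fault, each carrying the own-SPI Delete
    warnings logged by the same pid within `window` before the fault."""
    warnings, faults = [], []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or foreign format: skip
        ts, _host, prog, pid, msg = m.groups()
        when = datetime.fromisoformat(ts)  # assumes ISO 8601 timestamps as above
        w = OWN_SPI.search(msg)
        if prog == "pluto" and w:
            warnings.append({"time": when, "pid": pid, "conn": w.group(1),
                             "ike_state": int(w.group(2)), "spi": w.group(4)})
        f = FAULT.search(msg)
        if prog == "kernel" and f:
            faults.append({"time": when, "pid": f.group(1)})
    for f in faults:
        f["warnings"] = [w for w in warnings if w["pid"] == f["pid"]
                         and timedelta(0) <= f["time"] - w["time"] <= window]
    return faults

if __name__ == "__main__":
    for fault in correlate(SAMPLE.splitlines()):
        print(fault["time"], "pluto pid", fault["pid"], "faulted after:")
        for w in fault["warnings"]:
            print("  ", w["time"], w["conn"], "IKE SA #%d" % w["ike_state"], w["spi"])
```

Syslog lines that the mail archive has wrapped need to be rejoined before they are passed in, since continuation lines are skipped.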
