Project

General

Profile

Bug #1488

charon crashes when running 'swanctl --load-conns'

Added by Kristoffer Lindahl about 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Category:
libcharon
Target version:
Start date:
28.05.2016
Due date:
Estimated time:
Affected version:
5.4.0
Resolution:
Fixed

Description

If i define a connection in swanctl.conf and don't use 'updown' script in the children, charon crashes.
I downloaded and tested 5.4.1-1dr4, and i cannot reproduce the bug in that version.

Example config that crashes charon: (modified from https://www.strongswan.org/testing/testresults/swanctl/net2net-route/sun.swanctl.conf)

connections {

   rw {
      local_addrs  = 192.168.0.1

      local {
         auth = psk
      }
      remote {
         auth = psk
      }
      children {
         net {
            local_ts  = 10.1.0.0/16

            esp_proposals = aes128gcm128-modp3072
         }
      }
      version = 2
      proposals = aes128-sha256-modp3072
   }
}

secrets {

   ike-carol {
      id = 192.168.0.100
      secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
   }
   ike-dave {
      id = 192.168.0.200
      secret = 0sjVzONCF02ncsgiSlmIXeqhGN
   }
}

Related issues

Has duplicate Bug #1545: charon-systemd sigsev when loading configuration via vici at second attemptClosed01.07.2016

History

#1 Updated by Kristoffer Lindahl about 4 years ago

The stack-trace is:

May 28 15:39:08 fw-1 charon: 15[DMN] thread 15 received 11
May 28 15:39:08 fw-1 charon: 15[LIB]  dumping 15 stack frame addresses:
May 28 15:39:08 fw-1 charon: 15[LIB]    @ 0xb76fb000 (__kernel_sigreturn+0x0) [0xb76fb404]
May 28 15:39:08 fw-1 charon: 15[LIB]   /lib/i386-linux-gnu/i686/cmov/libc.so.6 @ 0xb7450000 [0xb7575838]
May 28 15:39:08 fw-1 charon: 15[LIB]     -> ??:0
May 28 15:39:08 fw-1 charon: 15[LIB]   /usr/lib/ipsec/libcharon.so.0 @ 0xb760c000 [0xb76196ff]
May 28 15:39:08 fw-1 charon: 15[LIB]     -> /root/data/data/strongswan/temp/strongswan-5.4.0/src/libcharon/config/child_cfg.c:581
May 28 15:39:08 fw-1 charon: 15[LIB]   /usr/lib/ipsec/libcharon.so.0 @ 0xb760c000 [0xb761b2cf]
May 28 15:39:09 fw-1 charon: 15[LIB]     -> /root/data/data/strongswan/temp/strongswan-5.4.0/src/libcharon/config/peer_cfg.c:279
May 28 15:39:09 fw-1 charon: 15[LIB]   /usr/lib/ipsec/plugins/libstrongswan-vici.so @ 0xb6c4c000 [0xb6c5baf6]
May 28 15:39:09 fw-1 charon: 15[LIB]     -> /root/data/data/strongswan/temp/strongswan-5.4.0/src/libcharon/plugins/vici/vici_config.c:1900
May 28 15:39:09 fw-1 charon: 15[LIB]   /usr/lib/ipsec/plugins/libstrongswan-vici.so @ 0xb6c4c000 [0xb6c5034a]
May 28 15:39:09 fw-1 charon: 15[LIB]     -> /root/data/data/strongswan/temp/strongswan-5.4.0/src/libcharon/plugins/vici/vici_message.c:532
May 28 15:39:09 fw-1 charon: 15[LIB]   /usr/lib/ipsec/plugins/libstrongswan-vici.so @ 0xb6c4c000 [0xb6c59483]
May 28 15:39:09 fw-1 charon: 15[LIB]     -> /root/data/data/strongswan/temp/strongswan-5.4.0/src/libcharon/plugins/vici/vici_config.c:2145
May 28 15:39:09 fw-1 charon: 15[LIB]   /usr/lib/ipsec/plugins/libstrongswan-vici.so @ 0xb6c4c000 (process_request+0x10c) [0xb6c51d9c]
May 28 15:39:09 fw-1 charon: 15[LIB]     -> /root/data/data/strongswan/temp/strongswan-5.4.0/src/libcharon/plugins/vici/vici_dispatcher.c:291
May 28 15:39:09 fw-1 charon: 15[LIB]   /usr/lib/ipsec/plugins/libstrongswan-vici.so @ 0xb6c4c000 [0xb6c5207f]
May 28 15:39:09 fw-1 charon: 15[LIB]     -> /root/data/data/strongswan/temp/strongswan-5.4.0/src/libcharon/plugins/vici/vici_dispatcher.c:347
May 28 15:39:09 fw-1 charon: 15[LIB]   /usr/lib/ipsec/plugins/libstrongswan-vici.so @ 0xb6c4c000 [0xb6c4efd3]
May 28 15:39:09 fw-1 charon: 15[LIB]     -> /root/data/data/strongswan/temp/strongswan-5.4.0/src/libcharon/plugins/vici/vici_socket.c:509
May 28 15:39:09 fw-1 charon: 15[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0xb769e000 [0xb76c94b9]
May 28 15:39:09 fw-1 charon: 15[LIB]     -> /root/data/data/strongswan/temp/strongswan-5.4.0/src/libstrongswan/processing/jobs/callback_job.c:78
May 28 15:39:09 fw-1 charon: 15[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0xb769e000 [0xb76c9dba]
May 28 15:39:09 fw-1 charon: 15[LIB]     -> /root/data/data/strongswan/temp/strongswan-5.4.0/src/libstrongswan/processing/processor.c:235
May 28 15:39:09 fw-1 charon: 15[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0xb769e000 [0xb76dbb17]
May 28 15:39:09 fw-1 charon: 15[LIB]     -> /root/data/data/strongswan/temp/strongswan-5.4.0/src/libstrongswan/threading/thread.c:322
May 28 15:39:09 fw-1 charon: 15[LIB]   /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 @ 0xb75bc000 [0xb75c1c39]
May 28 15:39:09 fw-1 charon: 15[LIB]     -> ??:0
May 28 15:39:09 fw-1 charon: 15[LIB]   /lib/i386-linux-gnu/i686/cmov/libc.so.6 @ 0xb7450000 (clone+0x5e) [0xb7529bae]
May 28 15:39:09 fw-1 charon: 15[LIB]     -> ??:0
May 28 15:39:09 fw-1 charon: 15[DMN] killing ourself, received critical signal

#2 Updated by Noel Kuntze about 4 years ago

Added for reference:
Already discovered by Ryan Ruel of Akamai and reported in April this year

#3 Updated by Tobias Brunner about 4 years ago

  • Tracker changed from Issue to Bug
  • Description updated (diff)
  • Category set to libcharon
  • Status changed from New to Closed
  • Assignee set to Tobias Brunner
  • Target version set to 5.5.0
  • Resolution set to Fixed

This was fixed with: 85597f2983. As a workaround you could define an updown script in the config.

#4 Updated by Tobias Brunner about 4 years ago

  • Has duplicate Bug #1545: charon-systemd sigsev when loading configuration via vici at second attempt added

Also available in: Atom PDF