Project

General

Profile

Bug #417

Charon crashes with load-tester plugin

Added by Luis Vinay almost 12 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Tobias Brunner
Category:
charon
Target version:
5.1.1
Start date:
23.09.2013
Due date:
Estimated time:
Affected version:
5.1.0
Resolution:
Fixed

Description

Charon crashes when I activate load-tester plugin.

- strongwan 5.1.0
- gcc version 4.4.5 (Debian 4.4.5-8)
- compiled with --enable-load-tester

Got this from GDB:

01[NET] received packet: from 127.0.0.1[500] to 127.0.0.1[500] (272 bytes)
03[NET] sending packet: from 127.0.0.1[500] to 127.0.0.1[500] (305 bytes)
03[NET] received packet: from 127.0.0.1[500] to 127.0.0.1[500] (305 bytes)
03[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
03[IKE] received cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 
03[IKE] sending cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 
02[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
02[IKE] received cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 
01[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
01[IKE] received retransmit of request with ID 0, retransmitting response
01[NET] sending packet: from 127.0.0.1[500] to 127.0.0.1[500] (305 bytes)
01[NET] received packet: from 127.0.0.1[500] to 127.0.0.1[500] (305 bytes)
01[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
01[IKE] received cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 
01[IKE] sending cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 
04[IKE] sending cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 
02[IKE] sending cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff160e700 (LWP 29082)]
0x00007ffff3244c64 in create_cert_enumerator (this=0x6308d0, cert=<value optimized out>,
    key=<value optimized out>, id=0x7fffe87b09d0, trusted=<value optimized out>)
    at load_tester_creds.c:369
369                     peer_key = this->private->get_public_key(this->private);
(gdb) trace
Tracepoint 1 at 0x7ffff3244c64: file load_tester_creds.c, line 369.
(gdb) backtrace
#0  0x00007ffff3244c64 in create_cert_enumerator (this=0x6308d0, cert=<value optimized out>,
    key=<value optimized out>, id=0x7fffe87b09d0, trusted=<value optimized out>)
    at load_tester_creds.c:369
#1  0x00007ffff7ba5dbe in enumerate_nested (this=0x7fffe83e99d0, v1=0x7ffff160da40,
    v2=0x7ffff7ba6170, v3=0x7fffe8000000, v4=0x7fffe83e99c0, v5=<value optimized out>)
    at collections/enumerator.c:347
#2  0x00007ffff7bb2c2c in get_private (this=0x607f60, type=<value optimized out>,
    id=0x7fffe87b09d0, auth=0x7fffe8002be0) at credentials/credential_manager.c:1213
#3  0x00007ffff774f85e in build (this=0x7fffe8002f00, message=0x7fffe8007d50)
    at sa/ikev2/authenticators/pubkey_authenticator.c:72
#4  0x00007ffff7754ecc in build_i (this=0x7fffe8002d20, message=0x7fffe8007d50)
    at sa/ikev2/tasks/ike_auth.c:484
#5  0x00007ffff774be77 in initiate (this=0x7fffe8003090) at sa/ikev2/task_manager_v2.c:467
#6  0x00007ffff774d233 in process_response (this=0x7fffe8003090, msg=0xa4f2e0)
    at sa/ikev2/task_manager_v2.c:577
#7  process_message (this=0x7fffe8003090, msg=0xa4f2e0) at sa/ikev2/task_manager_v2.c:1212
#8  0x00007ffff7740ca7 in process_message (this=0x7fffe8002810, message=0xa4f2e0)
    at sa/ike_sa.c:1277
#9  0x00007ffff773c5a7 in execute (this=0xa49bd0) at processing/jobs/process_message_job.c:74
#10 0x00007ffff7bbcd09 in process_job (worker=0x63f820) at processing/processor.c:235
#11 process_jobs (worker=0x63f820) at processing/processor.c:321
#12 0x00007ffff7bbff77 in thread_main (this=<value optimized out>) at threading/thread.c:309
#13 0x00007ffff72828ca in start_thread () from /lib/libpthread.so.0
#14 0x00007ffff6de592d in clone () from /lib/libc.so.6
#15 0x0000000000000000 in ?? ()

Let me know if I have to give more details.

cheers

strongwan.conf (1.28 KB) strongwan.conf Luis Vinay, 24.09.2013 00:02

History

#1 Updated by Tobias Brunner almost 12 years ago

  • Tracker changed from Issue to Bug
  • Description updated (diff)
  • Status changed from New to Closed
  • Assignee set to Tobias Brunner
  • Target version set to 5.1.1
  • Resolution set to Fixed

There were no checks in the constructor or create_cert_enumerator() in source:src/libcharon/plugins/load_tester/load_tester_creds.c that verified that the private key was loaded successfully (there is a check, though, in create_private_enumerator()). So if the load-tester plugin was in fact unable to load the private key you configured in charon.plugins.load-tester.issuer_key it would explain the crash here:

369                     peer_key = this->private->get_public_key(this->private);

When you start charon you should see a message like

01[CFG] loading load-tester private key from '/etc/ssl/vpnca/vpnca.key'

followed by at least one error message.

The associated commit should fix the crash, but you have to correct the issue with the private key to make this actually work.