Project

General

Profile

Bug #417

Charon crashes with load-tester plugin

Added by Luis Vinay about 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Tobias Brunner
Category:
charon
Target version:
5.1.1
Start date:
23.09.2013
Due date:
Estimated time:
Affected version:
5.1.0
Resolution:
Fixed

Description

Charon crashes when I activate load-tester plugin.

- strongwan 5.1.0
- gcc version 4.4.5 (Debian 4.4.5-8)
- compiled with --enable-load-tester

Got this from GDB:

01[NET] received packet: from 127.0.0.1[500] to 127.0.0.1[500] (272 bytes)
03[NET] sending packet: from 127.0.0.1[500] to 127.0.0.1[500] (305 bytes)
03[NET] received packet: from 127.0.0.1[500] to 127.0.0.1[500] (305 bytes)
03[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
03[IKE] received cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 
03[IKE] sending cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 
02[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
02[IKE] received cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 
01[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
01[IKE] received retransmit of request with ID 0, retransmitting response
01[NET] sending packet: from 127.0.0.1[500] to 127.0.0.1[500] (305 bytes)
01[NET] received packet: from 127.0.0.1[500] to 127.0.0.1[500] (305 bytes)
01[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
01[IKE] received cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 
01[IKE] sending cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 
04[IKE] sending cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 
02[IKE] sending cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff160e700 (LWP 29082)]
0x00007ffff3244c64 in create_cert_enumerator (this=0x6308d0, cert=<value optimized out>,
    key=<value optimized out>, id=0x7fffe87b09d0, trusted=<value optimized out>)
    at load_tester_creds.c:369
369                     peer_key = this->private->get_public_key(this->private);
(gdb) trace
Tracepoint 1 at 0x7ffff3244c64: file load_tester_creds.c, line 369.
(gdb) backtrace
#0  0x00007ffff3244c64 in create_cert_enumerator (this=0x6308d0, cert=<value optimized out>,
    key=<value optimized out>, id=0x7fffe87b09d0, trusted=<value optimized out>)
    at load_tester_creds.c:369
#1  0x00007ffff7ba5dbe in enumerate_nested (this=0x7fffe83e99d0, v1=0x7ffff160da40,
    v2=0x7ffff7ba6170, v3=0x7fffe8000000, v4=0x7fffe83e99c0, v5=<value optimized out>)
    at collections/enumerator.c:347
#2  0x00007ffff7bb2c2c in get_private (this=0x607f60, type=<value optimized out>,
    id=0x7fffe87b09d0, auth=0x7fffe8002be0) at credentials/credential_manager.c:1213
#3  0x00007ffff774f85e in build (this=0x7fffe8002f00, message=0x7fffe8007d50)
    at sa/ikev2/authenticators/pubkey_authenticator.c:72
#4  0x00007ffff7754ecc in build_i (this=0x7fffe8002d20, message=0x7fffe8007d50)
    at sa/ikev2/tasks/ike_auth.c:484
#5  0x00007ffff774be77 in initiate (this=0x7fffe8003090) at sa/ikev2/task_manager_v2.c:467
#6  0x00007ffff774d233 in process_response (this=0x7fffe8003090, msg=0xa4f2e0)
    at sa/ikev2/task_manager_v2.c:577
#7  process_message (this=0x7fffe8003090, msg=0xa4f2e0) at sa/ikev2/task_manager_v2.c:1212
#8  0x00007ffff7740ca7 in process_message (this=0x7fffe8002810, message=0xa4f2e0)
    at sa/ike_sa.c:1277
#9  0x00007ffff773c5a7 in execute (this=0xa49bd0) at processing/jobs/process_message_job.c:74
#10 0x00007ffff7bbcd09 in process_job (worker=0x63f820) at processing/processor.c:235
#11 process_jobs (worker=0x63f820) at processing/processor.c:321
#12 0x00007ffff7bbff77 in thread_main (this=<value optimized out>) at threading/thread.c:309
#13 0x00007ffff72828ca in start_thread () from /lib/libpthread.so.0
#14 0x00007ffff6de592d in clone () from /lib/libc.so.6
#15 0x0000000000000000 in ?? ()

Let me know if I have to give more details.

cheers

strongwan.conf (1.28 KB) strongwan.conf Luis Vinay, 24.09.2013 00:02

Associated revisions

Revision 90031b2f (diff)
Added by Tobias Brunner about 5 years ago

load-tester: Fix crash if private key was not loaded successfully

Fixes #417.

History

#1 Updated by Tobias Brunner about 5 years ago

  • Tracker changed from Issue to Bug
  • Description updated (diff)
  • Status changed from New to Closed
  • Assignee set to Tobias Brunner
  • Target version set to 5.1.1
  • Resolution set to Fixed

There were no checks in the constructor or create_cert_enumerator() in source:src/libcharon/plugins/load_tester/load_tester_creds.c that verified that the private key was loaded successfully (there is a check, though, in create_private_enumerator()). So if the load-tester plugin was in fact unable to load the private key you configured in charon.plugins.load-tester.issuer_key it would explain the crash here:

369                     peer_key = this->private->get_public_key(this->private);

When you start charon you should see a message like

01[CFG] loading load-tester private key from '/etc/ssl/vpnca/vpnca.key'

followed by at least one error message.

The associated commit should fix the crash, but you have to correct the issue with the private key to make this actually work.

Also available in: Atom PDF