Bug #417
Charon crashes with load-tester plugin
Description
Charon crashes when I activate load-tester plugin.
- strongwan 5.1.0
- gcc version 4.4.5 (Debian 4.4.5-8)
- compiled with --enable-load-tester
Got this from GDB:
01[NET] received packet: from 127.0.0.1[500] to 127.0.0.1[500] (272 bytes) 03[NET] sending packet: from 127.0.0.1[500] to 127.0.0.1[500] (305 bytes) 03[NET] received packet: from 127.0.0.1[500] to 127.0.0.1[500] (305 bytes) 03[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] 03[IKE] received cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 03[IKE] sending cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 02[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] 02[IKE] received cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 01[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] 01[IKE] received retransmit of request with ID 0, retransmitting response 01[NET] sending packet: from 127.0.0.1[500] to 127.0.0.1[500] (305 bytes) 01[NET] received packet: from 127.0.0.1[500] to 127.0.0.1[500] (305 bytes) 01[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] 01[IKE] received cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 01[IKE] sending cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 04[IKE] sending cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" 02[IKE] sending cert request for "C=AR, ST=C.A.B.A., O=LuisV.com.ar, CN=CA LuisV.com.ar" Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7ffff160e700 (LWP 29082)] 0x00007ffff3244c64 in create_cert_enumerator (this=0x6308d0, cert=<value optimized out>, key=<value optimized out>, id=0x7fffe87b09d0, trusted=<value optimized out>) at load_tester_creds.c:369 369 peer_key = this->private->get_public_key(this->private); (gdb) trace Tracepoint 1 at 0x7ffff3244c64: file load_tester_creds.c, line 369. (gdb) backtrace #0 0x00007ffff3244c64 in create_cert_enumerator (this=0x6308d0, cert=<value optimized out>, key=<value optimized out>, id=0x7fffe87b09d0, trusted=<value optimized out>) at load_tester_creds.c:369 #1 0x00007ffff7ba5dbe in enumerate_nested (this=0x7fffe83e99d0, v1=0x7ffff160da40, v2=0x7ffff7ba6170, v3=0x7fffe8000000, v4=0x7fffe83e99c0, v5=<value optimized out>) at collections/enumerator.c:347 #2 0x00007ffff7bb2c2c in get_private (this=0x607f60, type=<value optimized out>, id=0x7fffe87b09d0, auth=0x7fffe8002be0) at credentials/credential_manager.c:1213 #3 0x00007ffff774f85e in build (this=0x7fffe8002f00, message=0x7fffe8007d50) at sa/ikev2/authenticators/pubkey_authenticator.c:72 #4 0x00007ffff7754ecc in build_i (this=0x7fffe8002d20, message=0x7fffe8007d50) at sa/ikev2/tasks/ike_auth.c:484 #5 0x00007ffff774be77 in initiate (this=0x7fffe8003090) at sa/ikev2/task_manager_v2.c:467 #6 0x00007ffff774d233 in process_response (this=0x7fffe8003090, msg=0xa4f2e0) at sa/ikev2/task_manager_v2.c:577 #7 process_message (this=0x7fffe8003090, msg=0xa4f2e0) at sa/ikev2/task_manager_v2.c:1212 #8 0x00007ffff7740ca7 in process_message (this=0x7fffe8002810, message=0xa4f2e0) at sa/ike_sa.c:1277 #9 0x00007ffff773c5a7 in execute (this=0xa49bd0) at processing/jobs/process_message_job.c:74 #10 0x00007ffff7bbcd09 in process_job (worker=0x63f820) at processing/processor.c:235 #11 process_jobs (worker=0x63f820) at processing/processor.c:321 #12 0x00007ffff7bbff77 in thread_main (this=<value optimized out>) at threading/thread.c:309 #13 0x00007ffff72828ca in start_thread () from /lib/libpthread.so.0 #14 0x00007ffff6de592d in clone () from /lib/libc.so.6 #15 0x0000000000000000 in ?? ()
Let me know if I have to give more details.
cheers
Associated revisions
History
#1 Updated by Tobias Brunner almost 9 years ago
- Tracker changed from Issue to Bug
- Description updated (diff)
- Status changed from New to Closed
- Assignee set to Tobias Brunner
- Target version set to 5.1.1
- Resolution set to Fixed
There were no checks in the constructor or create_cert_enumerator()
in source:src/libcharon/plugins/load_tester/load_tester_creds.c that verified that the private key was loaded successfully (there is a check, though, in create_private_enumerator()
). So if the load-tester plugin was in fact unable to load the private key you configured in charon.plugins.load-tester.issuer_key it would explain the crash here:
369 peer_key = this->private->get_public_key(this->private);
When you start charon you should see a message like
01[CFG] loading load-tester private key from '/etc/ssl/vpnca/vpnca.key'
followed by at least one error message.
The associated commit should fix the crash, but you have to correct the issue with the private key to make this actually work.
load-tester: Fix crash if private key was not loaded successfully
Fixes #417.