[SRU] racoon crashes when racoon.conf contains sainfo section for ipv6

Bug #374185 reported by Fredrik Ljunggren
This bug affects 1 person
Affects               Status        Importance  Assigned to  Milestone
ipsec-tools (Ubuntu)  Fix Released  Medium      Chuck Short
Intrepid              Won't Fix     Medium      Chuck Short
Jaunty                Won't Fix     Medium      Chuck Short

Bug Description

Binary package hint: ipsec-tools

It seems I am the only one on this planet using ipv6. Since ipsec-tools 0.7, when configuring v6 addresses in sainfo section of racoon.conf, racoon crashes:

$ sudo racoon -F
Foreground mode.
2009-05-09 19:14:34: INFO: @(#)ipsec-tools 0.7 (http://ipsec-tools.sourceforge.net)
2009-05-09 19:14:34: INFO: @(#)This product linked OpenSSL 0.9.8g 19 Oct 2007 (http://www.openssl.org/)
2009-05-09 19:14:34: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2009-05-09 19:14:36: INFO: Resize address pool from 0 to 255
*** stack smashing detected ***: racoon terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0xb7c63138]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0xb7c630f0]
racoon[0x8073079]
racoon[0x808ac74]
racoon[0x808b015]
racoon[0x8091d8b]
racoon[0x80943e8]
racoon[0x804cfcd]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7b8c450]
racoon[0x804cb71]
======= Memory map: ========
08048000-080bb000 r-xp 00000000 08:01 84214 /usr/sbin/racoon
080bb000-080bc000 rw-p 00072000 08:01 84214 /usr/sbin/racoon
080bc000-080e3000 rw-p 080bc000 00:00 0 [heap]
..

Now, this happens without even communicating with the far end.

To reproduce, take for example this rather minimal racoon.conf:

---- 8< ----

remote ::2 {
  exchange_mode main;
  proposal {
    encryption_algorithm aes;
    hash_algorithm sha1;
    authentication_method pre_shared_key;
    dh_group 2;
  }
}

sainfo address ::1 any address ::2 any
{
       encryption_algorithm aes;
       authentication_algorithm hmac_sha1;
       compression_algorithm deflate;
}

sainfo address ::2 any address ::1 any
{
       encryption_algorithm aes;
       authentication_algorithm hmac_sha1;
       compression_algorithm deflate;
}

---- 8< ----

and start racoon in the foreground - it will crash instantly.

Source package: ipsec-tools_0.7-2.1ubuntu1 (9.04)
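Added example, not part of the original report and not ipsec-tools code: a triage check that lists the sainfo sections of a racoon.conf that use IPv6 address identifiers, i.e. the configuration shape that triggers the crash above on an unfixed racoon. The sample configuration is constructed from the reproducer, the function names are hypothetical, and only the "address" identifier form shown in the report is handled.

```python
import ipaddress
import re

# Constructed sample: the report's reproducer plus one IPv4-only sainfo.
SAMPLE_CONF = """\
remote ::2 {
  exchange_mode main;
}
# sainfo address ::9 any address ::8 any   (commented out, must be ignored)
sainfo address ::1 any address ::2 any
{
       encryption_algorithm aes;
}
sainfo address 192.0.2.0/24 any address 198.51.100.7[500] any {
       encryption_algorithm aes;
}
"""

# "sainfo ... {" header; the opening brace may sit on the following line.
SAINFO_RE = re.compile(r"^\s*sainfo\b([^{}]*)\{", re.MULTILINE)
# "address <addr>" identifier; a trailing /prefix or [port] is left unmatched.
ADDR_RE = re.compile(r"\baddress\s+([0-9A-Fa-f:.]+)")

def strip_comments(text):
    """Drop '#' comments but keep every line, so line numbers stay valid."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def ipv6_sainfo_sections(conf_text):
    """Return [(line_number, [ipv6 addresses])] for sainfo headers using IPv6."""
    text = strip_comments(conf_text)
    hits = []
    for m in SAINFO_RE.finditer(text):
        v6 = []
        for addr in ADDR_RE.findall(m.group(1)):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # not a literal address; skip rather than guess
            if ip.version == 6:
                v6.append(addr)
        if v6:
            # Line on which the "sainfo" keyword itself appears.
            line_no = text.count("\n", 0, m.start(1)) + 1
            hits.append((line_no, v6))
    return hits

if __name__ == "__main__":
    for line_no, addrs in ipv6_sainfo_sections(SAMPLE_CONF):
        print(f"line {line_no}: sainfo uses IPv6 address(es): {', '.join(addrs)}")
```

A non-empty result only says the configuration has the triggering shape; whether the installed racoon carries the fix still has to be checked against the package versions named in this report.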


Changed in ipsec-tools (Ubuntu):
assignee: nobody → Ubuntu Core Development Team (ubuntu-core-dev)
assignee: Ubuntu Core Development Team (ubuntu-core-dev) → nobody
Fredrik Ljunggren (fredrik-kirei) wrote :

The attached patch fixes the problem. A new release will be issued by the ipsec-tools development team (0.7.3).

Chuck Short (zulcss) wrote :

Thanks, I was able to reproduce this on karmic. I will apply the patch and try to recreate the crash.

Regards
chuck

Changed in ipsec-tools (Ubuntu):
assignee: nobody → Chuck Short (zulcss)
importance: Undecided → Medium
status: New → Confirmed
Chuck Short (zulcss) wrote :

Hi,

I've applied the patch and it works fine for me. I have uploaded it for karmic. Thanks for the patch again!

Regards
chuck

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ipsec-tools - 1:0.7.1-1.5ubuntu3

---------------
ipsec-tools (1:0.7.1-1.5ubuntu3) karmic; urgency=low

  * src/racoon/ipsec_doi.c: Patched to fix segfault when using
    ipv6 addresses in sainfo section of racoon.conf. Thanks to
    Fredrik Ljunggren. (LP: #374185)

 -- Chuck Short <email address hidden> Wed, 09 Sep 2009 13:11:32 -0400

Changed in ipsec-tools (Ubuntu):
status: Confirmed → Fix Released
Chuck Short (zulcss)
Changed in ipsec-tools (Ubuntu Intrepid):
assignee: nobody → Chuck Short (zulcss)
Changed in ipsec-tools (Ubuntu Jaunty):
assignee: nobody → Chuck Short (zulcss)
Changed in ipsec-tools (Ubuntu Intrepid):
status: New → In Progress
Changed in ipsec-tools (Ubuntu Jaunty):
status: New → In Progress
Changed in ipsec-tools (Ubuntu Intrepid):
importance: Undecided → Medium
Changed in ipsec-tools (Ubuntu Jaunty):
importance: Undecided → Medium
Chuck Short (zulcss) wrote :

Statement of Impact:

ipsec-tools contains a bug that causes a segmentation fault when using ipv6. The patch in the bug has fixed the segfault and it has been applied to the karmic release.

How to reproduce:

1. Install ipsec-tools and racoon.
2. Use the configuration file attached to the bug.
3. Run the following command: sudo racoon -F
4. Observe the crash

There should be no regressions with this patch. If you have any questions please let me know.

Regards
chuck

summary: - racoon crashes when racoon.conf contains sainfo section for ipv6
+ [SRU] racoon crashes when racoon.conf contains sainfo section for ipv6
Martin Pitt (pitti) wrote : Please test proposed package

Accepted ipsec-tools into intrepid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Changed in ipsec-tools (Ubuntu Intrepid):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in ipsec-tools (Ubuntu Jaunty):
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Accepted ipsec-tools into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

Martin Pitt (pitti) wrote :

This intrepid-proposed SRU has not been verified in the last three months or longer. Intrepid will go out of support in less than two months, so it is not worth pursuing this SRU any further.

I removed the intrepid-proposed version from the archive.

Changed in ipsec-tools (Ubuntu Intrepid):
status: Fix Committed → Won't Fix
Martin Pitt (pitti) wrote :

No feedback for half a year, I removed the proposed package.

2010-04-29 09:21:13 INFO Removing candidates:
2010-04-29 09:21:13 INFO ipsec-tools 1:0.7-2.1ubuntu1.9.04.2 in jaunty
2010-04-29 09:21:13 INFO ipsec-tools 1:0.7-2.1ubuntu1.9.04.2 in jaunty amd64
2010-04-29 09:21:13 INFO ipsec-tools 1:0.7-2.1ubuntu1.9.04.2 in jaunty armel
2010-04-29 09:21:13 INFO ipsec-tools 1:0.7-2.1ubuntu1.9.04.2 in jaunty hppa
2010-04-29 09:21:13 INFO ipsec-tools 1:0.7-2.1ubuntu1.9.04.2 in jaunty i386
2010-04-29 09:21:13 INFO ipsec-tools 1:0.7-2.1ubuntu1.9.04.2 in jaunty ia64
2010-04-29 09:21:13 INFO ipsec-tools 1:0.7-2.1ubuntu1.9.04.2 in jaunty lpia
2010-04-29 09:21:13 INFO ipsec-tools 1:0.7-2.1ubuntu1.9.04.2 in jaunty powerpc
2010-04-29 09:21:13 INFO ipsec-tools 1:0.7-2.1ubuntu1.9.04.2 in jaunty sparc
2010-04-29 09:21:13 INFO racoon 1:0.7-2.1ubuntu1.9.04.2 in jaunty amd64
2010-04-29 09:21:13 INFO racoon 1:0.7-2.1ubuntu1.9.04.2 in jaunty armel
2010-04-29 09:21:13 INFO racoon 1:0.7-2.1ubuntu1.9.04.2 in jaunty hppa
2010-04-29 09:21:13 INFO racoon 1:0.7-2.1ubuntu1.9.04.2 in jaunty i386
2010-04-29 09:21:13 INFO racoon 1:0.7-2.1ubuntu1.9.04.2 in jaunty ia64
2010-04-29 09:21:13 INFO racoon 1:0.7-2.1ubuntu1.9.04.2 in jaunty lpia
2010-04-29 09:21:13 INFO racoon 1:0.7-2.1ubuntu1.9.04.2 in jaunty powerpc
2010-04-29 09:21:13 INFO racoon 1:0.7-2.1ubuntu1.9.04.2 in jaunty sparc
2010-04-29 09:21:13 INFO Removed-by: Martin Pitt
2010-04-29 09:21:13 INFO Comment: unverified SRU, timing out

Changed in ipsec-tools (Ubuntu Jaunty):
status: Fix Committed → Won't Fix