Bug 1197792
| Summary: | pppd segfaults with dump option | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Jaroslav Aster <jaster> | ||||
| Component: | ppp | Assignee: | Michal Sekletar <msekleta> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Jaroslav Aster <jaster> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 6.6 | CC: | ksrot, msekleta, tlavigne | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: |
Cause:
If pppol2tp plugin was used and pppd command line also contained dump option pppd crashed.
Consequence:
Variable containing textual representation of file descriptor passed to pppol2tp plugin was not properly initialized and null pointer dereference occurred.
Fix:
Correctly initialize variable.
Result:
pppd doesn't crash in described scenario.
|
Story Points: | --- | ||||
| Clone Of: | |||||||
| : | 1277198 (view as bug list) | Environment: | |||||
| Last Closed: | 2015-03-16 08:13:57 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Created attachment 997131 [details]
Abrt output.
http://pkgs.devel.redhat.com/cgit/rpms/ppp/commit/?h=rhel-6.7&id=1cd9bce6b8257b5ff0ac4013fc4171ddd01bb875 -> MODIFIED Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0685.html |
Description of problem: pppd segfaults with dump option in configuration file on server site in xl2tpd VPN. Version-Release number of selected component (if applicable): ppp-2.4.5-8.el6 How reproducible: Always. Steps to Reproduce: 1. Configure client and server SERVER ------- a, install ppp and xl2tpd (from epel) # yum --enablerepo=epel install ppp xl2tpd b, configure server # cat /etc/ppp/options.xl2tpd dump # cat /etc/xl2tpd/xl2tpd.conf [global] listen-addr = _SERVER_IP_CHANGE_ [lns default] name = server pppoptfile = /etc/ppp/options.xl2tpd ppp debug = yes require chap = yes refuse pap = yes require authentication = yes ip range = 192.168.0.1-192.168.0.253 local ip = 192.168.0.254 # cat /etc/ppp/chap-secrets client * "redhat123" * c, start server # service xl2tpd start CLIENT ------ a, install ppp and xl2tpd (from epel) yum --enablerepo=epel install ppp xl2tpd b, configure client # cat /etc/ppp/options.xl2tpd #nothing here # cat /etc/xl2tpd/xl2tpd.conf [global] listen-addr = _CLIENT_IP_CHANGE_ debug network = yes [lac server] name = client pppoptfile = /etc/ppp/options.xl2tpd ppp debug = yes lns = _SERVER_IP_CHANGE_ # cat /etc/ppp/chap-secrets client * "redhat123" * c, start client # service xl2tpd start # xl2tpd-control connect server Actual results: Segfault and no established vpn. # cat /var/log/messages ... Mar 2 16:48:04 sheep-26 pppd[4460]: Plugin pppol2tp.so loaded. Mar 2 16:48:04 sheep-26 pppd[4460]: pppd options in effect: Mar 2 16:48:04 sheep-26 pppd[4460]: debug#011#011# (from command line) Mar 2 16:48:04 sheep-26 pppd[4460]: nodetach#011#011# (from command line) Mar 2 16:48:04 sheep-26 pppd[4460]: dump#011#011# (from /etc/ppp/options.xl2tpd) Mar 2 16:48:04 sheep-26 pppd[4460]: plugin pppol2tp.so#011#011# (from command line) Mar 2 16:48:04 sheep-26 pppd[4460]: require-chap#011#011# (from command line) Mar 2 16:48:04 sheep-26 pppd[4460]: refuse-pap#011#011# (from command line) Mar 2 16:48:04 sheep-26 pppd[4460]: name server#011#011# (from command line) Mar 2 16:48:04 sheep-26 kernel: pppd[4460]: segfault at 0 ip 0092e8bb sp bf9d62d0 error 4 in pppd[90d000+4c000] ... Expected results: No segfault and established vpn. SERVER ------- # ip a show dev ppp0 5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3 link/ppp inet 192.168.0.254 peer 192.168.0.1/32 scope global ppp0 CLIENT ------ # ip a show dev ppp0 153: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3 link/ppp inet 192.168.0.1 peer 192.168.0.254/32 scope global ppp0 Additional info: Coredump is in attachment.