Bug 964650

Summary: [abrt] openconnect-4.99-1.fc19: __strlen_sse2_pminub: Process /usr/sbin/openconnect was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora Reporter: Alex Murray <murray.alex>
Component: openconnectAssignee: David Woodhouse <dwmw2>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: dwmw2
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:406996948f5e5da425a8cc232a0a7217aec0982e
Fixed In Version: openconnect-5.01-1.fc19 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-06-05 03:24:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: environ
none
File: limits
none
File: maps
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages none

Description Alex Murray 2013-05-19 11:36:02 UTC 
Description of problem:
Tried setting up connection to vpn using openconnect command-line invocation

Version-Release number of selected component:
openconnect-4.99-1.fc19

Additional info:
reporter:       libreport-2.1.4
backtrace_rating: 4
cmdline:        openconnect --script /etc/vpnc/vpnc-script https://redacted.url/
crash_function: __strlen_sse2_pminub
executable:     /usr/sbin/openconnect
kernel:         3.9.2-301.fc19.x86_64
runlevel:       N 5
uid:            1000

Truncated backtrace:
Thread no. 1 (3 frames)
 #0 __strlen_sse2_pminub at ../sysdeps/x86_64/multiarch/strlen-sse2-pminub.S:38
 #1 parse_xml_response at auth.c:497
 #2 openconnect_obtain_cookie at http.c:988
Comment 1 Alex Murray 2013-05-19 11:36:05 UTC 
Created attachment 750026 [details]
File: backtrace
Comment 2 Alex Murray 2013-05-19 11:36:08 UTC 
Created attachment 750027 [details]
File: cgroup
Comment 3 Alex Murray 2013-05-19 11:36:10 UTC 
Created attachment 750028 [details]
File: core_backtrace
Comment 4 Alex Murray 2013-05-19 11:36:12 UTC 
Created attachment 750029 [details]
File: dso_list
Comment 5 Alex Murray 2013-05-19 11:36:15 UTC 
Created attachment 750030 [details]
File: environ
Comment 6 Alex Murray 2013-05-19 11:36:17 UTC 
Created attachment 750031 [details]
File: limits
Comment 7 Alex Murray 2013-05-19 11:36:20 UTC 
Created attachment 750032 [details]
File: maps
Comment 8 Alex Murray 2013-05-19 11:36:23 UTC 
Created attachment 750033 [details]
File: open_fds
Comment 9 Alex Murray 2013-05-19 11:36:26 UTC 
Created attachment 750034 [details]
File: proc_pid_status
Comment 10 Alex Murray 2013-05-19 11:36:28 UTC 
Created attachment 750035 [details]
File: var_log_messages
Comment 11 David Woodhouse 2013-05-23 19:23:14 UTC 
This is fixed in OpenConnect 5.00, released a day or two ago. Although another compatibility issue has surfaced so there'll be a 5.01 very shortly, which will get into Fedora 19 as an update.

Please could you show the output from openconnect before it crashed? The crash is bad, but I suspect even with that fixed, it wasn't going to *work*; the crash happened in a situation which should never happen. So I'd like to double-check that the latest version is really doing to do the right thing for you.
Comment 12 Alex Murray 2013-05-23 23:55:10 UTC 
openconnect -v https://vpn.redactedhost.com:8998/home
Attempting to connect to server 203.122.232.27:8998
SSL negotiation with vpn.redactedhost.com
Server certificate verify failed: signer not found

Certificate from VPN server "vpn.redactedhost.com" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on vpn.redactedhost.com
POST https://vpn.redactedhost.com:8998/home
Got HTTP response: HTTP/1.1 303 See Other
Content-Type: text/html
Content-Length: 0
Location: https://vpn.redactedhost.com:8998/webvpn.html
Set-Cookie: webvpncontext=00@RedactedHost; path=/; Secure
Connection: Keep-Alive
HTTP body length:  (0)
GET https://vpn.redactedhost.com:8998/webvpn.html
Got HTTP response: HTTP/1.1 303 See Other
Content-Type: text/html
Content-Length: 0
Location: https://vpn.redactedhost.com:8998/webvpn.html
Set-Cookie: webvpncontext=00@RedactedHost; path=/; Secure
Connection: Keep-Alive
HTTP body length:  (0)
Segmentation fault (core dumped)
Comment 13 David Woodhouse 2013-05-24 22:39:38 UTC 
OpenConnect 5.00 fixes the crash. However, it doesn't fix the fact that your server is returning a redirect to the *same* location.

If we disable the 'xmlpost' support, it works. I'm going to have to come up with a better fix, to make this work automatically.
Comment 14 David Woodhouse 2013-05-24 22:46:46 UTC 
I've just pushed a fix to the git repository, which should make things work for you again. Please could you test? Are you able to build from git, or do you need me to build a package?
Comment 15 Alex Murray 2013-05-24 22:49:38 UTC 
Thanks David, I'm fine testing from git but won't have a chance to try until later today. Will let you know soon.
Comment 16 David Woodhouse 2013-05-24 22:51:28 UTC 
No problem. If this works then it'll be in the 5.01 release which is still "imminent"; I'll probably do it some time next week once the dust is settled on these changes.

Thanks.
Comment 17 Alex Murray 2013-05-27 12:27:47 UTC 
Thanks David I can confirm it works - thanks also for the speedy response, I really appreciate your hard work.
Comment 18 David Woodhouse 2013-05-30 15:28:40 UTC 
Please could you test again with the scratch build at http://koji.fedoraproject.org/koji/taskinfo?taskID=5442326

I've changed some more of the fallback handling, and I get a failure when I connect to 203.122.232.27:8998 — but then again, I get the same failure when I revert to the code from a few days ago, which you said was working.
Comment 19 Alex Murray 2013-05-31 00:02:36 UTC 
I can confirm the scratch build still works in my case - thanks.
Comment 20 Alex Murray 2013-05-31 00:04:47 UTC 
Accessing the raw IP also fails for me since I think this is doing some vhost type magic and hence you need to use the fqdn (I can send it to you in a private email if you'd like)
Comment 21 Alex Murray 2013-05-31 00:06:48 UTC 
Actually scratch that - the trick is it's only available over ssl - so https://203.122.232.27:8998/home should work (you need the /home as far as I can tell)
Comment 22 David Woodhouse 2013-06-01 20:47:27 UTC 
Great, thanks.
Comment 23 Fedora Update System 2013-06-01 21:11:43 UTC 
openconnect-5.01-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/openconnect-5.01-1.fc19
Comment 24 Fedora Update System 2013-06-02 18:41:48 UTC 
Package openconnect-5.01-1.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openconnect-5.01-1.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-9871/openconnect-5.01-1.fc19
then log in and leave karma (feedback).
Comment 25 Fedora Update System 2013-06-05 03:24:31 UTC 
openconnect-5.01-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.