Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Cause:
If pppol2tp plugin was used and pppd command line also contained dump option pppd crashed.
Consequence:
Variable containing textual representation of file descriptor passed to pppol2tp plugin was not properly initialized and null pointer dereference occurred.
Fix:
Correctly initialize variable.
Result:
pppd doesn't crash in described scenario.
Description of problem:
pppd segfaults with dump option in configuration file on server site in xl2tpd VPN.
Version-Release number of selected component (if applicable):
ppp-2.4.5-8.el6
How reproducible:
Always.
Steps to Reproduce:
1. Configure client and server
SERVER
-------
a, install ppp and xl2tpd (from epel)
# yum --enablerepo=epel install ppp xl2tpd
b, configure server
# cat /etc/ppp/options.xl2tpd
dump
# cat /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = _SERVER_IP_CHANGE_
[lns default]
name = server
pppoptfile = /etc/ppp/options.xl2tpd
ppp debug = yes
require chap = yes
refuse pap = yes
require authentication = yes
ip range = 192.168.0.1-192.168.0.253
local ip = 192.168.0.254
# cat /etc/ppp/chap-secrets
client * "redhat123" *
c, start server
# service xl2tpd start
CLIENT
------
a, install ppp and xl2tpd (from epel)
yum --enablerepo=epel install ppp xl2tpd
b, configure client
# cat /etc/ppp/options.xl2tpd
#nothing here
# cat /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = _CLIENT_IP_CHANGE_
debug network = yes
[lac server]
name = client
pppoptfile = /etc/ppp/options.xl2tpd
ppp debug = yes
lns = _SERVER_IP_CHANGE_
# cat /etc/ppp/chap-secrets
client * "redhat123" *
c, start client
# service xl2tpd start
# xl2tpd-control connect server
Actual results:
Segfault and no established vpn.
# cat /var/log/messages
...
Mar 2 16:48:04 sheep-26 pppd[4460]: Plugin pppol2tp.so loaded.
Mar 2 16:48:04 sheep-26 pppd[4460]: pppd options in effect:
Mar 2 16:48:04 sheep-26 pppd[4460]: debug#011#011# (from command line)
Mar 2 16:48:04 sheep-26 pppd[4460]: nodetach#011#011# (from command line)
Mar 2 16:48:04 sheep-26 pppd[4460]: dump#011#011# (from /etc/ppp/options.xl2tpd)
Mar 2 16:48:04 sheep-26 pppd[4460]: plugin pppol2tp.so#011#011# (from command line)
Mar 2 16:48:04 sheep-26 pppd[4460]: require-chap#011#011# (from command line)
Mar 2 16:48:04 sheep-26 pppd[4460]: refuse-pap#011#011# (from command line)
Mar 2 16:48:04 sheep-26 pppd[4460]: name server#011#011# (from command line)
Mar 2 16:48:04 sheep-26 kernel: pppd[4460]: segfault at 0 ip 0092e8bb sp bf9d62d0 error 4 in pppd[90d000+4c000]
...
Expected results:
No segfault and established vpn.
SERVER
-------
# ip a show dev ppp0
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 192.168.0.254 peer 192.168.0.1/32 scope global ppp0
CLIENT
------
# ip a show dev ppp0
153: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 192.168.0.1 peer 192.168.0.254/32 scope global ppp0
Additional info:
Coredump is in attachment.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHBA-2015-0685.html
Description of problem: pppd segfaults with dump option in configuration file on server site in xl2tpd VPN. Version-Release number of selected component (if applicable): ppp-2.4.5-8.el6 How reproducible: Always. Steps to Reproduce: 1. Configure client and server SERVER ------- a, install ppp and xl2tpd (from epel) # yum --enablerepo=epel install ppp xl2tpd b, configure server # cat /etc/ppp/options.xl2tpd dump # cat /etc/xl2tpd/xl2tpd.conf [global] listen-addr = _SERVER_IP_CHANGE_ [lns default] name = server pppoptfile = /etc/ppp/options.xl2tpd ppp debug = yes require chap = yes refuse pap = yes require authentication = yes ip range = 192.168.0.1-192.168.0.253 local ip = 192.168.0.254 # cat /etc/ppp/chap-secrets client * "redhat123" * c, start server # service xl2tpd start CLIENT ------ a, install ppp and xl2tpd (from epel) yum --enablerepo=epel install ppp xl2tpd b, configure client # cat /etc/ppp/options.xl2tpd #nothing here # cat /etc/xl2tpd/xl2tpd.conf [global] listen-addr = _CLIENT_IP_CHANGE_ debug network = yes [lac server] name = client pppoptfile = /etc/ppp/options.xl2tpd ppp debug = yes lns = _SERVER_IP_CHANGE_ # cat /etc/ppp/chap-secrets client * "redhat123" * c, start client # service xl2tpd start # xl2tpd-control connect server Actual results: Segfault and no established vpn. # cat /var/log/messages ... Mar 2 16:48:04 sheep-26 pppd[4460]: Plugin pppol2tp.so loaded. Mar 2 16:48:04 sheep-26 pppd[4460]: pppd options in effect: Mar 2 16:48:04 sheep-26 pppd[4460]: debug#011#011# (from command line) Mar 2 16:48:04 sheep-26 pppd[4460]: nodetach#011#011# (from command line) Mar 2 16:48:04 sheep-26 pppd[4460]: dump#011#011# (from /etc/ppp/options.xl2tpd) Mar 2 16:48:04 sheep-26 pppd[4460]: plugin pppol2tp.so#011#011# (from command line) Mar 2 16:48:04 sheep-26 pppd[4460]: require-chap#011#011# (from command line) Mar 2 16:48:04 sheep-26 pppd[4460]: refuse-pap#011#011# (from command line) Mar 2 16:48:04 sheep-26 pppd[4460]: name server#011#011# (from command line) Mar 2 16:48:04 sheep-26 kernel: pppd[4460]: segfault at 0 ip 0092e8bb sp bf9d62d0 error 4 in pppd[90d000+4c000] ... Expected results: No segfault and established vpn. SERVER ------- # ip a show dev ppp0 5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3 link/ppp inet 192.168.0.254 peer 192.168.0.1/32 scope global ppp0 CLIENT ------ # ip a show dev ppp0 153: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3 link/ppp inet 192.168.0.1 peer 192.168.0.254/32 scope global ppp0 Additional info: Coredump is in attachment.