Bug 1197792 - pppd segfaults with dump option
Summary: pppd segfaults with dump option
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ppp   
(Show other bugs)
Version: 6.6
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Michal Sekletar
QA Contact: Jaroslav Aster
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-03-02 15:51 UTC by Jaroslav Aster
Modified: 2015-03-16 08:13 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: If pppol2tp plugin was used and pppd command line also contained dump option pppd crashed. Consequence: Variable containing textual representation of file descriptor passed to pppol2tp plugin was not properly initialized and null pointer dereference occurred. Fix: Correctly initialize variable. Result: pppd doesn't crash in described scenario.
Story Points: ---
Clone Of:
: 1277198 (view as bug list)
Environment:
Last Closed: 2015-03-16 08:13:57 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Abrt output. (68.49 KB, application/x-gzip)
2015-03-02 15:57 UTC, Jaroslav Aster
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:0685 normal SHIPPED_LIVE ppp bug fix and enhancement update 2015-03-16 12:13:39 UTC

Description Jaroslav Aster 2015-03-02 15:51:56 UTC
Description of problem:

pppd segfaults with dump option in configuration file on server site in xl2tpd VPN.

Version-Release number of selected component (if applicable):

ppp-2.4.5-8.el6


How reproducible:

Always.


Steps to Reproduce:
1. Configure client and server

SERVER
-------
a, install ppp and xl2tpd (from epel)

# yum --enablerepo=epel install ppp xl2tpd

b, configure server

# cat /etc/ppp/options.xl2tpd 
dump

# cat /etc/xl2tpd/xl2tpd.conf 
[global]
listen-addr = _SERVER_IP_CHANGE_

[lns default]
name = server
pppoptfile = /etc/ppp/options.xl2tpd
ppp debug = yes
require chap = yes
refuse pap = yes
require authentication = yes
ip range = 192.168.0.1-192.168.0.253
local ip = 192.168.0.254

# cat /etc/ppp/chap-secrets
client * "redhat123" *

c, start server

# service xl2tpd start

CLIENT
------
a, install ppp and xl2tpd (from epel)

yum --enablerepo=epel install ppp xl2tpd

b, configure client

# cat /etc/ppp/options.xl2tpd 
#nothing here

# cat /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = _CLIENT_IP_CHANGE_
debug network = yes

[lac server]
name = client
pppoptfile = /etc/ppp/options.xl2tpd
ppp debug = yes
lns = _SERVER_IP_CHANGE_

# cat /etc/ppp/chap-secrets
client * "redhat123" *

c, start client

# service xl2tpd start
# xl2tpd-control connect server


Actual results:

Segfault and no established vpn.

# cat /var/log/messages
...
Mar  2 16:48:04 sheep-26 pppd[4460]: Plugin pppol2tp.so loaded.
Mar  2 16:48:04 sheep-26 pppd[4460]: pppd options in effect:
Mar  2 16:48:04 sheep-26 pppd[4460]: debug#011#011# (from command line)
Mar  2 16:48:04 sheep-26 pppd[4460]: nodetach#011#011# (from command line)
Mar  2 16:48:04 sheep-26 pppd[4460]: dump#011#011# (from /etc/ppp/options.xl2tpd)
Mar  2 16:48:04 sheep-26 pppd[4460]: plugin pppol2tp.so#011#011# (from command line)
Mar  2 16:48:04 sheep-26 pppd[4460]: require-chap#011#011# (from command line)
Mar  2 16:48:04 sheep-26 pppd[4460]: refuse-pap#011#011# (from command line)
Mar  2 16:48:04 sheep-26 pppd[4460]: name server#011#011# (from command line)
Mar  2 16:48:04 sheep-26 kernel: pppd[4460]: segfault at 0 ip 0092e8bb sp bf9d62d0 error 4 in pppd[90d000+4c000]
...

Expected results:

No segfault and established vpn.

SERVER
-------
# ip a show dev ppp0
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp 
    inet 192.168.0.254 peer 192.168.0.1/32 scope global ppp0

CLIENT
------
# ip a show dev ppp0
153: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp 
    inet 192.168.0.1 peer 192.168.0.254/32 scope global ppp0

Additional info:

Coredump is in attachment.

Comment 1 Jaroslav Aster 2015-03-02 15:57:40 UTC
Created attachment 997131 [details]
Abrt output.

Comment 8 errata-xmlrpc 2015-03-16 08:13:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0685.html


Note You need to log in before you can comment on or make changes to this bug.