Bug 1570135 - racoon crashing during auth
Summary: racoon crashing during auth
Alias: None
Product: Fedora
Classification: Fedora
Component: ipsec-tools
Version: 28
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Paul Wouters
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2018-04-20 17:17 UTC by Vladimir Benes
Modified: 2019-05-28 19:56 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-05-28 19:56:19 UTC
Type: Bug

Attachments (Terms of Use)
backtrace from gdb (4.96 KB, text/plain)
2018-04-20 17:18 UTC, Vladimir Benes
no flags Details

Description Vladimir Benes 2018-04-20 17:17:40 UTC
Description of problem:
I have tests for NetworkManager vpn and libreswan functionality. I am using this script to setup racoon (and then connecting to it via NM and vpnc or libreswan plugins). 

The script creates veth pair (racoon1 to racoon0) going into namespace (racoon0 end) with dnsmasq and racoon running inside. The script then creates rac1 connection connected to one end of veth pair. Check the script for details about configuration. There are more details how to replicate setup in steps below.  

I can see racoon crash in journal.

Apr 20 17:52:35 localhost.localdomain kernel: racoon[21262]: segfault at ffffffffa59f1020 ip 00007f3ba4bc7fa2 sp 00007ffca5d81118 error 5 in libc-2.27.so[7f3ba4b37000+1b5000]
Apr 20 17:52:35 localhost.localdomain systemd[1]: Started Process Core Dump (PID 22309/UID 0).
Apr 20 17:52:35 localhost.localdomain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-coredump@4-22309-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 20 17:52:35 localhost.localdomain systemd-coredump[22310]: Process 21262 (racoon) of user 0 dumped core.
                                                               Stack trace of thread 21262:
                                                               #0  0x00007f3ba4bc7fa2 __strcmp_sse2_unaligned (libc.so.6)
                                                               #1  0x00005636d9f983ec xauth_login_system (racoon)
                                                               #2  0x00005636d9f61b6b privsep_xauth_login_system (racoon)
                                                               #3  0x00005636d9f98b4b xauth_attr_reply (racoon)
                                                               #4  0x00005636d9f9a0c9 isakmp_cfg_reply (racoon)
                                                               #5  0x00005636d9f9c4dc isakmp_cfg_r (racoon)
                                                               #6  0x00005636d9f46046 isakmp_main (racoon)
                                                               #7  0x00005636d9f47540 isakmp_handler (racoon)
                                                               #8  0x00005636d9f41eff session (racoon)
                                                               #9  0x00005636d9f413f9 main (racoon)
                                                               #10 0x00007f3ba4b5a1bb __libc_start_main (libc.so.6)
                                                               #11 0x00005636d9f415aa _start (racoon)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
0. sh prepare/racoon.sh aggressive 2 aes ( from https://github.com/NetworkManager/NetworkManager-ci )
1. nmcli connection add con-name vpnc type vpn ifname \* vpn-type vpnc
2. nmcli c modify vpnc vpn.data "NAT Traversal Mode=natt, ipsec-secret-type=save, IPSec secret-flags=0, xauth-password-type=save, Vendor=cisco, Xauth username=budulinek, IPSec gateway=, Xauth password-flags=0, IPSec ID=yolo, Perfect Forward Secrecy=server, IKE DH Group=dh2, Local Port=0"
3. nmcli c modify vpnc vpn.secrets "IPSec secret=ipsecret, Xauth password=passwd"

Actual results:

Expected results:
no crash

Additional info:
it doesn't happen with older version https://kojipkgs.fedoraproject.org//packages/ipsec-tools/0.8.2/9.fc28/x86_64/ipsec-tools-0.8.2-9.fc28.x86_64.rpm

Comment 1 Vladimir Benes 2018-04-20 17:18:10 UTC
Created attachment 1424621 [details]
backtrace from gdb

Comment 2 Ben Cotton 2019-05-02 21:54:30 UTC
This message is a reminder that Fedora 28 is nearing its end of life.
On 2019-May-28 Fedora will stop maintaining and issuing updates for
Fedora 28. It is Fedora's policy to close all bug reports from releases
that are no longer maintained. At that time this bug will be closed as
EOL if it remains open with a Fedora 'version' of '28'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 28 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 3 Ben Cotton 2019-05-28 19:56:19 UTC
Fedora 28 changed to end-of-life (EOL) status on 2019-05-28. Fedora 28 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.