Description of problem:
Racoon daemon built on a 64-bit platform segfaults when setting the security context into a proposal from a 32 bit platform.

Version-Release number of selected component (if applicable):
ipsec-tools-0.6.5-6

How reproducible:
Happens all the time when negotiating between a 64-bit and 32-bit built app.

Steps to Reproduce:
1. setup ipsec policy between a ppc (with 32 bit apps) and a x86_64 (with 64-bit apps)
2. start racoon on both machines
3. do a ping from a 64-bit to 32-bit or vice versa

Actual results:
(gdb) where
#0 0x0fec7354 in _wordcopy_fwd_aligned () from /lib/libc.so.6
#1 0x0fec7270 in memcpy () from /lib/libc.so.6
#2 0x100423e4 in set_secctx_in_proposal (iph2=<value optimized out>, spidx= {dir = 2 '\002', src = {ss_family = 2, __ss_align = 151239991, __ss_padding = '\0' <repeats 119 times>}, dst = {ss_family = 2, __ss_align = 151240405, __ss_padding = '\0' <repeats 119 times>}, prefs = 32 ' ', prefd = 32 ' ', ul_proto = 255, priority = 0, sec_ctx = {ctx_doi = 1 '\001', ctx_alg = 1 '\001', ctx_strlen = 10752, ctx_str = "ealuser_u:sysadm_r:ping_t:s0-s15:c0.c1023\000\000\000\000\000\000\000\000"}}) at security.c:170
#3 0x10013fb0 in quick_r1recv (iph2=0x1008b530, msg0=0x1008b9f8) at isakmp_quick.c:2133
#4 0x22000482 in ?? ()
#5 0x10009140 in isakmp_ph2begin_r (iph1=0x1008a178, msg=0x1008b9f8) at isakmp.c:1298
in isakmp_main (msg=0x1008b9f8, remote=0xfd44e73c, local=0xfd44e7bc) at isakmp.c:652
#7 0x1000a9ac in isakmp_handler (so_isakmp=<value optimized out>) at isakmp.c:359
#8 0x10004c3c in session () at session.c:211
#9 0x100044ac in main (ac=4, av=<value optimized out>) at main.c:247
(gdb)
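The set_secctx_in_proposal frame above reaches memcpy with ctx_strlen = 10752, far longer than the context string held in the same structure. The following is an added example, not the attached patch and not racoon code: a receiver that decodes a peer-supplied security context byte by byte and rejects a length that does not fit. The struct, the wire layout, the 50-byte buffer size and the sample attributes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CTX_STR_MAX 50  /* assumed buffer size, not taken from racoon */

/* Hypothetical in-memory form of a peer's security context. */
struct sec_ctx {
    uint8_t  doi;
    uint8_t  alg;
    uint16_t strlen_;           /* bytes used in str, host byte order */
    char     str[CTX_STR_MAX];
};

/* Assumed wire layout: doi(1) alg(1) len(2, big-endian) str(len).
 * Returns 0 on success, -1 if the attribute is malformed. */
int parse_sec_ctx(const uint8_t *buf, size_t buflen, struct sec_ctx *out)
{
    if (buf == NULL || out == NULL || buflen < 4)
        return -1;
    /* Decode byte by byte instead of casting to a struct, so padding,
     * alignment and host endianness of either peer cannot change it. */
    uint16_t len = (uint16_t)((buf[2] << 8) | buf[3]);
    if (len == 0 || len >= CTX_STR_MAX)  /* would overflow out->str */
        return -1;
    if ((size_t)len > buflen - 4)        /* would read past the packet */
        return -1;
    memset(out, 0, sizeof(*out));        /* guarantees a trailing NUL */
    out->doi = buf[0];
    out->alg = buf[1];
    out->strlen_ = len;
    memcpy(out->str, buf + 4, len);
    return 0;
}

/* Constructed sample attributes (not captured traffic): "u:r:t:s0" + NUL. */
static const uint8_t good_attr[] = { 1, 1, 0x00, 0x09,
    'u', ':', 'r', ':', 't', ':', 's', '0', 0 };
/* Same payload, but the length field decodes to 0x2A00 = 10752. */
static const uint8_t bad_attr[] = { 1, 1, 0x2A, 0x00,
    'u', ':', 'r', ':', 't', ':', 's', '0', 0 };

int main(void)
{
    struct sec_ctx c;
    printf("good: %d\n", parse_sec_ctx(good_attr, sizeof good_attr, &c));
    printf("bad:  %d\n", parse_sec_ctx(bad_attr, sizeof bad_attr, &c));
    return 0;
}
```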
I have fixed this. Will send fix shortly.
Please see following for patch to fix this. http://sourceforge.net/mailarchive/forum.php?thread_id=31826804&forum_id=32000 or https://www.redhat.com/archives/redhat-lspp/2007-March/msg00029.html
Created attachment 150444: Patch to fix racoon segfault between 32bit and 64bit machines.
Patch to fix racoon segfault.
Eric, let me know if you would prefer inline text rather than the attachment.
test rpms with the patch: http://people.redhat.com/harald/downloads/ipsec-tools/ipsec-tools-0.6.5-6.2.el5
Joy, does this one re-test ok? Thanks.
This tested successfully between a ppc with 32-bit ipsec-tools-0.6.5-6.2.el5 and a 64-bit ipsec-tools-0.6.5-6.2.el5 on an x86_64, both having 72 kernel.