Bug 442956 - openswan logging segfault when phase2alg=null
Summary: openswan logging segfault when phase2alg=null
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openswan
Version: 5.2
Hardware: other
OS: All
Target Milestone: rc
Assignee: Avesh Agarwal
QA Contact:
Depends On:
Blocks: 253764 450128
Reported: 2008-04-17 20:56 UTC by IBM Bug Proxy
Modified: 2009-09-02 11:18 UTC (History)
CC List: 9 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-09-02 11:18:39 UTC

Attachments
Allow NULL encryption with ESP (1.68 KB, patch), 2008-05-08 08:46 UTC, Herbert Xu

System                        ID              Priority  Status        Summary                  Last Updated
Red Hat Product Errata        RHEA-2009:1350  normal    SHIPPED_LIVE  openswan bug fix update  2009-09-01 10:49:14 UTC
IBM Linux Technology Center   44175           None      None          None                     Never

Description IBM Bug Proxy 2008-04-17 20:56:38 UTC
=Comment: #0=================================================
TYLER C. HICKS <tchicks@us.ibm.com> - 2008-04-17 12:22 EDT
---Problem Description---
openswan segfaults while logging when esp encryption is null.
Contact Information = Tyler Hicks <tyhicks@linux.vnet.ibm.com>
---uname output---
Linux eal3.ltc.austin.ibm.com 2.6.18-87.el5 #1 SMP Tue Mar 25 17:28:02 EDT 2008 i686 i686 i386 GNU/Linux
Machine Type = 335 xSeries
A debugger is not configured
---Steps to Reproduce---
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="none"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey

conn i386-i386

On initiator run:
[root@eal5 ~]# ipsec auto --verbose --up i386-i386
002 "i386-i386" #1: initiating v2 parent SA
133 "i386-i386" #1: STATE_PARENT_I1: initiate
002 "i386-i386" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1
133 "i386-i386" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
002 "i386-i386" #2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2
134 "i386-i386" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=aes_128 integ=sha1 prf=oakley_sha group=modp1536}

On responder run:
[root@eal3 ~]# tail /var/log/secure
Apr 17 11:15:17 eal3 pluto[3722]: "i386-i386" #1: "i386-i386":   newest ISAKMP SA: #1; newest IPsec SA: #0; 
Apr 17 11:15:17 eal3 pluto[3722]: "i386-i386" #1: "i386-i386":   IKE algorithm newest: _128-SHA1-MODP1536
Apr 17 11:15:17 eal3 pluto[3722]: "i386-i386" #1: "i386-i386":   ESP algorithms wanted: NULL(11)_000-MD5(1), NULL(11)_000-SHA1(2); flags=-strict
Apr 17 11:15:17 eal3 pluto[3722]: "i386-i386" #1: "i386-i386":   ESP algorithms loaded: NULL(11)_000-MD5(1)_128, NULL(11)_000-SHA1(2)_160
Apr 17 11:15:17 eal3 pluto[3722]: "i386-i386" #1: "i386-i386-v6":   unrouted; eroute owner: #0
Apr 17 11:15:17 eal3 pluto[3722]: "i386-i386" #1: "i386-i386-v6":   myip=unset; hisip=unset;
Apr 17 11:15:17 eal3 pluto[3722]: "i386-i386" #1: "i386-i386-v6":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
Apr 17 11:15:17 eal3 pluto[3722]: "i386-i386" #1: "i386-i386-v6":   policy: interface: eth0; 
Apr 17 11:15:17 eal3 pluto[3722]: "i386-i386" #1: "i386-i386-v6":   newest ISAKMP SA: #0; newest IPsec SA: #0; 
Apr 17 11:15:17 eal3 pluto[3722]: "i386-i386" #1:

Backtrace on eal3's pluto process
Program received signal SIGSEGV, Segmentation fault.
0x002ebfab in strlen () from /lib/libc.so.6
(gdb) bt
#0  0x002ebfab in strlen () from /lib/libc.so.6
#1  0x002bc77e in vfprintf () from /lib/libc.so.6
#2  0x00361911 in __vsnprintf_chk () from /lib/libc.so.6
#3  0x00361837 in __snprintf_chk () from /lib/libc.so.6
#4  0x00e59b1a in fmt_state (st=0x900dab8, n=1208448917, 
    state_buf=0xbfd0f2b8 "#2: \"i386-i386\":500 (null) (648} attrs={0,1,864} ",
state_buf_len=1024, state_buf2=0xbfd0eeb8 "ÔîпÎr.", state_buf2_len=1024)
    at /usr/src/debug/openswan-2.6.11/programs/pluto/state.c:1202
#5  0x00e5a35a in show_states_status ()
    at /usr/src/debug/openswan-2.6.11/programs/pluto/state.c:1348
#6  0x00e587d6 in show_status ()
    at /usr/src/debug/openswan-2.6.11/programs/pluto/log.c:803
#7  0x00e58aef in passert_fail (pred_str=0xef7ca5 "ta.encrypter != NULL", 
    file_str=0xef796c "/usr/src/redhat/BUILD/openswan-2.6.11/programs/pluto/spd
_v2_struct.c", line_no=1245)
    at /usr/src/debug/openswan-2.6.11/programs/pluto/log.c:621
#8  0x00e7c8f0 in ikev2_parse_child_sa_body (sa_pbs=0x900c314, 
    sa_prop=0x900c334, r_sa_pbs=0xbfd10400, st=0x900dab8, selection=0)
    at /usr/src/debug/openswan-2.6.11/programs/pluto/spdb_v2_struct.c:1245
#9  0x00e7aa3b in ikev2_child_sa_respond (md=0x900c160, role=RESPONDER, 
    at /usr/src/debug/openswan-2.6.11/programs/pluto/ikev2_child.c:368
#10 0x00e771c6 in ikev2_parent_inI2outR2_tail (pcrc=<value optimized out>, 
    r=<value optimized out>)
    at /usr/src/debug/openswan-2.6.11/programs/pluto/ikev2_parent.c:1738
#11 0x00e772aa in ikev2_parent_inI2outR2_continue (pcrc=0x900ae98, 
    r=0xbfd10bf4, ugh=0x0)
    at /usr/src/debug/openswan-2.6.11/programs/pluto/ikev2_parent.c:1476
#12 0x00e902f5 in pluto_crypto_helper_ready (readfds=0xbfd13714)
    at /usr/src/debug/openswan-2.6.11/programs/pluto/pluto_crypt.c:649
#13 0x00e6000d in call_server ()
    at /usr/src/debug/openswan-2.6.11/programs/pluto/server.c:790
#14 0x00e5cd8e in main (argc=2136884559, argv=0x4b57794c)
    at /usr/src/debug/openswan-2.6.11/programs/pluto/plutomain.c:830
---Security Component Data---
Userspace tool common name: openswan

The userspace tool has the following bit modes: 32

Userspace rpm: openswan-2.6.11-1.el5
=Comment: #2=================================================
TYLER C. HICKS <tchicks@us.ibm.com> - 2008-04-17 12:28 EDT
RFC 4305 declares that phase2alg=null MUST be available:
3.1.1.  ESP Encryption and Authentication Algorithms

   These tables list encryption and authentication algorithms for the
   IPsec Encapsulating Security Payload protocol.

      Requirement    Encryption Algorithm (notes)
      -----------    --------------------
      MUST           NULL (1)
      MUST-          TripleDES-CBC [RFC2451]
      SHOULD+        AES-CBC with 128-bit keys [RFC3602]
      SHOULD         AES-CTR [RFC3686]
      SHOULD NOT     DES-CBC [RFC2405] (3)
   (1) Since ESP encryption and authentication are optional, support for
       the two "NULL" algorithms is required to maintain consistency
       with the way these services are negotiated.  Note that while
       authentication and encryption can each be "NULL", they MUST NOT
       both be "NULL".

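The two invariants this report turns on, written up as an added example in C that is neither openswan's code nor part of the bug report: the RFC 4305 rule quoted above (NULL encryption must be supported, but encryption and authentication must not both be NULL), and the failure-path lesson from the backtrace in the description, where passert_fail() went on to dump every state through snprintf() and crashed in strlen() inside vsnprintf while formatting the half-built child SA. The transform id ESP_NULL = 11 matches the "NULL(11)" in the log lines; the struct, field and function names (child_state, esp_proposal_ok, safe_name, fmt_state_safe, self_test) are invented for this example and do not exist in pluto.

```c
/* Added example, not openswan code. Shows (a) the RFC 4305 null/null check a
 * proposal parser needs before accepting ESP_NULL, and (b) a state formatter
 * that can be called from an assertion-failure handler on a child SA whose
 * algorithm pointers are still NULL, without ever handing a NULL to "%s".
 * ESP_NULL = 11 is the real ESP transform id; all other names are made up. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define ESP_NULL        11  /* ESP encryption transform id for NULL */
#define ESP_AES         12  /* ESP encryption transform id for AES-CBC */
#define AUTH_NONE        0  /* no ESP authentication */
#define AUTH_HMAC_SHA1   2

struct alg_desc { const char *name; int keylen_bits; };

/* A child SA as the formatter sees it. The pointers stay NULL until the
 * proposal has been accepted, which is exactly the window in which a failed
 * passert() in the proposal parser dumps this state. */
struct child_state {
    int serialno;
    const char *conn;
    const struct alg_desc *encrypter;
    const struct alg_desc *integ;
};

/* RFC 4305 3.1.1 note (1): encryption and authentication may each be NULL but
 * MUST NOT both be NULL. Returns 1 if the combination is acceptable under that
 * rule alone (it does not judge the strength of what remains). */
int esp_proposal_ok(int encr_id, int auth_id) {
    if (encr_id == ESP_NULL && auth_id == AUTH_NONE)
        return 0;  /* null/null: no confidentiality and no integrity */
    return 1;
}

/* Substitute a printable marker for a missing descriptor or name so that the
 * "%s" below can never reach strlen(NULL). */
static const char *safe_name(const struct alg_desc *d) {
    return (d != NULL && d->name != NULL) ? d->name : "(unset)";
}

/* Formatter safe to call on half-built state. Returns the snprintf-style
 * length (the would-be length when buf is too small). */
int fmt_state_safe(const struct child_state *st, char *buf, size_t len) {
    int n = snprintf(buf, len, "#%d: \"%s\" esp=%s", st->serialno,
                     st->conn != NULL ? st->conn : "(unnamed)",
                     safe_name(st->encrypter));
    if (n < 0 || (size_t)n >= len) return n;
    if (st->encrypter != NULL && st->encrypter->keylen_bits > 0)
        n += snprintf(buf + n, len - n, "_%d", st->encrypter->keylen_bits);
    if (n < 0 || (size_t)n >= len) return n;
    n += snprintf(buf + n, len - n, "-%s", safe_name(st->integ));
    return n;
}

/* Exercises both checks on constructed states; returns the number of failures. */
int self_test(void) {
    static const struct alg_desc null_enc = { "NULL", 0 };
    static const struct alg_desc aes128 = { "AES", 128 };
    static const struct alg_desc sha1 = { "HMAC_SHA1", 160 };
    struct child_state half = { 2, "i386-i386", NULL, NULL };      /* mid-negotiation */
    struct child_state done = { 2, "i386-i386", &null_enc, &sha1 };
    struct child_state aes  = { 3, "i386-i386", &aes128, &sha1 };
    char buf[128], small[8];
    int failures = 0;

    if (fmt_state_safe(&half, buf, sizeof buf) != 35 ||
        strcmp(buf, "#2: \"i386-i386\" esp=(unset)-(unset)") != 0) failures++;
    if (fmt_state_safe(&done, buf, sizeof buf) != 34 ||
        strcmp(buf, "#2: \"i386-i386\" esp=NULL-HMAC_SHA1") != 0) failures++;
    if (fmt_state_safe(&aes, buf, sizeof buf) != 37 ||
        strcmp(buf, "#3: \"i386-i386\" esp=AES_128-HMAC_SHA1") != 0) failures++;
    /* truncation: still NUL-terminated, length reported like snprintf */
    if (fmt_state_safe(&done, small, sizeof small) < 8 || small[7] != '\0') failures++;
    if (esp_proposal_ok(ESP_NULL, AUTH_HMAC_SHA1) != 1) failures++;
    if (esp_proposal_ok(ESP_NULL, AUTH_NONE) != 0) failures++;
    return failures;
}

int main(void) {
    char buf[128];
    struct child_state half = { 2, "i386-i386", NULL, NULL };
    fmt_state_safe(&half, buf, sizeof buf);
    printf("%s\n", buf);
    printf("self_test failures: %d\n", self_test());
    return 0;
}
```

The point of splitting safe_name() out is that the assertion-failure handler runs against the very state the assertion found inconsistent, so the formatter it calls has to assume nothing about that state; the RFC check belongs in the proposal parser, before the state is ever treated as complete.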

Comment 4 IBM Bug Proxy 2008-04-30 21:17:56 UTC
------- Comment From tchicks@us.ibm.com 2008-04-30 17:12 EDT-------
Red Hat - Can we get confirmation that a fix for this bug is targeted for the
zstream release?  Thanks!

Comment 5 Herbert Xu 2008-05-08 08:46:31 UTC
Created attachment 304844 [details]
Allow NULL encryption with ESP

Please apply all my previous patches from 439771 and 442955, then this patch.
This lets me run null encryption between two Openswan machines.

Comment 6 Paul Wouters 2008-05-17 19:52:38 UTC
This was merged into 2.6.13

Comment 8 Steve Grubb 2008-06-04 17:24:05 UTC
2.6.14rc7-1 was built to address the problem being reported.

Comment 11 IBM Bug Proxy 2008-06-05 22:16:34 UTC
------- Comment From tchicks@us.ibm.com 2008-06-05 18:11 EDT-------
I have verified this bug fix between i386 and ppc using openswan-2.6.14rc10,
built from source from openswan.org.

Comment 12 Paul Wouters 2008-06-05 22:26:27 UTC
can you provide a new trace, since the old trace had:

#7  0x00e58aef in passert_fail (pred_str=0xef7ca5 "ta.encrypter != NULL", 
    file_str=0xef796c "/usr/src/redhat/BUILD/openswan-2.6.11/programs/pluto/spd
_v2_struct.c", line_no=1245)

which was resolved, so this is crashing at another place now

Comment 13 IBM Bug Proxy 2008-06-05 23:16:32 UTC
------- Comment From tchicks@us.ibm.com 2008-06-05 19:09 EDT-------
Hey Paul - I'm not seeing any crashes.  I reported that I had verified your fix
using i386 and ppc machines.  It works great.  Thanks!

Comment 14 IBM Bug Proxy 2008-06-18 22:25:10 UTC
------- Comment From tchicks@us.ibm.com 2008-06-18 18:18 EDT-------
Changing status to FIXEDAWAITINGTEST on IBM's side.

------- Comment From tchicks@us.ibm.com 2008-06-18 18:19 EDT-------
Changing status to TESTED on IBM's side.

------- Comment From tchicks@us.ibm.com 2008-06-18 18:20 EDT-------
Changing status to ACCEPTED on IBM's side.

------- Comment From tchicks@us.ibm.com 2008-06-18 18:22 EDT-------
Setting status to CLOSED on IBM's side.  I verified the official
openswan-2.6.14-1.el5_2.1 rpm from RH between i386 and ppc.

Comment 19 errata-xmlrpc 2009-09-02 11:18:39 UTC
An advisory has been issued which should help the problem described in this
bug report. This report is therefore being closed with a resolution of ERRATA.
For more information on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report if the solution
does not work for you.

