Bug#575757: marked as done (openswan: showhostkey segfault with 3DES-encrypted host key)

Debian Bug Tracking System Mon, 31 May 2010 16:03:35 -0700

Your message dated Mon, 31 May 2010 23:02:26 +0000
with message-id <e1oje02-00085l...@ries.debian.org>
and subject line Bug#575757: fixed in openswan 1:2.6.26+dfsg-1
has caused the Debian Bug report #575757,
regarding openswan: showhostkey segfault with 3DES-encrypted host key
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
575757: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575757
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: openswan
Version: 1:2.6.23+dfsg-1
Severity: normal
Tags: patch

Running `ipsec showhostkey --list` with a 3DES-encrypted host key
results in a segfault with the following backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x08056481 in pem_decrypt (blob=0xbfffd3cc, iv=0xbfffc310, 
    pass=0xbfffe6c0, label=0xbfffc3cc "/etc/ipsec.d/private/kevinzilla.pem")
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/pem.c:323
#2  0x08056920 in pemtobin (blob=0xbfffd3cc, pass=0xbfffe6c0, 
    label=0xbfffc3cc "/etc/ipsec.d/private/kevinzilla.pem", pgp=0xbfffd3d4)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/pem.c:475
#3  0x0805548e in load_coded_file (
    filename=0xbfffc3cc "/etc/ipsec.d/private/kevinzilla.pem", 
    pass=0xbfffe6c0, verbose=0, type=0x80742fa "private key", blob=0xbfffd3cc, 
    pgp=0xbfffd3d4)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/certload.c:127
#4  0x08055661 in load_rsa_private_key (
    filename=0xbfffd420 "/etc/ipsec.d/private/kevinzilla.pem", verbose=0, 
    pass=0xbfffe6c0)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/certload.c:181
#5  0x0804eefd in osw_process_rsa_keyfile (psecrets=0xbfffe708, verbose=0, 
    rsak=0x8085338, pass=0xbfffe6c0)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/secrets.c:807
#6  0x0804fa1f in process_secret (psecrets=0xbfffe708, verbose=0, s=0x8085328, 
    pass=0xbfffe6c0)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/secrets.c:1123
#7  0x0804ff32 in osw_process_secret_records (psecrets=0xbfffe708, verbose=0, 
    pass=0xbfffe6c0)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/secrets.c:1272
#8  0x080503bd in osw_process_secrets_file (psecrets=0xbfffe708, verbose=0, 
    file_pat=0xbfffe70c "/etc/ipsec.secrets", pass=0xbfffe6c0)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/secrets.c:1395
#9  0x0805058d in osw_load_preshared_secrets (psecrets=0xbfffe708, verbose=0, 
    secrets_file=0xbfffe70c "/etc/ipsec.secrets", pass=0xbfffe6c0)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/secrets.c:1460
#10 0x0804a537 in main (argc=2, argv=0xbffff804)
    at /tmp/buildd/openswan-2.6.23+dfsg/programs/showhostkey/showhostkey.c:506

This is caused by oswcrypto.des_set_key being NULL at
lib/libopenswan/pem.c:226 due to load_oswcrypto never being called.

The attached patch adds a call to load_oswcrypto into main just
before osw_load_preshared_secrets.  It solves the problem on my
system, although I am not sure if there might be a better place for
the call (if lazier initialization is desired).

Cheers,
Kevin


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.33-kevinoid2 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openswan depends on:
ii  bind9-host [host]      1:9.6.1.dfsg.P3-1 Version of 'host' bundled with BIN
ii  bsdmainutils           8.0.8             collection of more utilities from 
ii  debconf [debconf-2.0]  1.5.28            Debian configuration management sy
ii  debianutils            3.2.2             Miscellaneous utilities specific t
ii  iproute                20100224-3        networking and traffic control too
ii  libc6                  2.10.2-6          Embedded GNU C Library: Shared lib
ii  libcurl3               7.20.0-1          Multi-protocol file transfer libra
ii  libgmp3c2              2:4.3.2+dfsg-1    Multiprecision arithmetic library
ii  libldap-2.4-2          2.4.17-2.1        OpenLDAP libraries
ii  libpam0g               1.1.1-2           Pluggable Authentication Modules l
ii  openssl                0.9.8m-2          Secure Socket Layer (SSL) binary a

openswan recommends no packages.

Versions of packages openswan suggests:
ii  curl                          7.20.0-1   Get a file from an HTTP, HTTPS or 
pn  openswan-modules-source | lin <none>     (no description available)

-- debconf information excluded

--- openswan-2.6.23+dfsg.orig/programs/showhostkey/showhostkey.c	2009-09-08 18:42:54.000000000 -0600
+++ openswan-2.6.23+dfsg/programs/showhostkey/showhostkey.c	2010-03-28 16:52:48.005024302 -0600
@@ -38,6 +38,7 @@
 
 #include "constants.h"
 #include "oswalloc.h"
+#include "oswcrypto.h"
 #include "oswlog.h"
 #include "oswconf.h"
 #include "secrets.h"
@@ -503,6 +504,8 @@
    PK11_SetPasswordFunc(getNSSPassword); 
 #endif
 
+   load_oswcrypto();
+
     osw_load_preshared_secrets(&host_secrets, verbose>0?TRUE:FALSE,
 			       secrets_file, &pass);

--- End Message ---

--- Begin Message ---

Source: openswan
Source-Version: 1:2.6.26+dfsg-1

We believe that the bug you reported is fixed in the latest version of
openswan, which is due to be installed in the Debian FTP archive:

openswan-dbg_2.6.26+dfsg-1_amd64.deb
  to main/o/openswan/openswan-dbg_2.6.26+dfsg-1_amd64.deb
openswan-doc_2.6.26+dfsg-1_all.deb
  to main/o/openswan/openswan-doc_2.6.26+dfsg-1_all.deb
openswan-modules-dkms_2.6.26+dfsg-1_all.deb
  to main/o/openswan/openswan-modules-dkms_2.6.26+dfsg-1_all.deb
openswan-modules-source_2.6.26+dfsg-1_all.deb
  to main/o/openswan/openswan-modules-source_2.6.26+dfsg-1_all.deb
openswan_2.6.26+dfsg-1.debian.tar.gz
  to main/o/openswan/openswan_2.6.26+dfsg-1.debian.tar.gz
openswan_2.6.26+dfsg-1.dsc
  to main/o/openswan/openswan_2.6.26+dfsg-1.dsc
openswan_2.6.26+dfsg-1_amd64.deb
  to main/o/openswan/openswan_2.6.26+dfsg-1_amd64.deb
openswan_2.6.26+dfsg.orig.tar.gz
  to main/o/openswan/openswan_2.6.26+dfsg.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 575...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Harald Jenny <har...@a-little-linux-box.at> (supplier of updated openswan 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 31 May 2010 23:11:12 +0200
Source: openswan
Binary: openswan openswan-dbg openswan-doc openswan-modules-source 
openswan-modules-dkms
Architecture: source all amd64
Version: 1:2.6.26+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Rene Mayrhofer <rm...@debian.org>
Changed-By: Harald Jenny <har...@a-little-linux-box.at>
Description: 
 openswan   - Internet Key Exchange daemon
 openswan-dbg - Internet Key Exchange daemon - debugging symbols
 openswan-doc - Internet Key Exchange daemon - documentation
 openswan-modules-dkms - Internet Key Exchange daemon - DKMS source
 openswan-modules-source - Internet Key Exchange daemon - kernel module source
Closes: 389680 532348 575757 583334
Changes: 
 openswan (1:2.6.26+dfsg-1) unstable; urgency=low
 .
   [Harald Jenny]
   * New upstream release.
   * Removed some obsoleted patches.
   * Modified some patches for new upstream version.
   * Added preinstall script to remove old duplicate init script.
     Closes: #532348: openswan: installs dupliate init script /etc/init.d/setup
   * Added patch to fix segfault of showhostkey with encrypted key (Thanks
     to Kevin Locke for his patch).
     Closes: #575757: openswan: showhostkey segfault with 3DES-encrypted host
                      key
   * Changes debian/rules to only omit permission fixing where it's really
     necessary.
     Closes: #389680: openswan: wrong permissions of /etc/ipsec.d/examples
   * Removed orphaned conflict with freeswan (not shipped anymore).
 .
   [Rene Mayrhofer]
   * Openswan package now provides ike-server and conflicts with it.
     Closes: #583334: racoon and openswan: error when trying to install
                      together
Checksums-Sha1: 
 4b8e1644c24154c7fc2687c0752e6ccb5fb362f1 1477 openswan_2.6.26+dfsg-1.dsc
 ed63de800ff052ede0bebe6ce23c710c26db5551 11426481 
openswan_2.6.26+dfsg.orig.tar.gz
 74de875c80767d0354bea9adec4bc10877fce095 129002 
openswan_2.6.26+dfsg-1.debian.tar.gz
 0253e56d0a5de141d62341ff7ea18857f172e616 1769782 
openswan-doc_2.6.26+dfsg-1_all.deb
 6e3b535ccce42fe97501927244fab963857c3db5 517262 
openswan-modules-source_2.6.26+dfsg-1_all.deb
 a378c23b4c1563b75432407cfba2d68e8d08a03c 584990 
openswan-modules-dkms_2.6.26+dfsg-1_all.deb
 3bb498af35af376a6b5f3f597deae299ec975c10 1084126 
openswan_2.6.26+dfsg-1_amd64.deb
 77842e6a891114a1aee6566815b2339d0cbe5a76 1095310 
openswan-dbg_2.6.26+dfsg-1_amd64.deb
Checksums-Sha256: 
 ac4b8a1832e075f752f434ec2bf5d239214a171b220c19b4308cac7d9bc589e6 1477 
openswan_2.6.26+dfsg-1.dsc
 6afef3f83bae77e1e51ae334cb67339a58fd032d475002f06fb9f7d9d3bfd70b 11426481 
openswan_2.6.26+dfsg.orig.tar.gz
 b9d37686803efcaf31d016ef94ecff2f7893f66e068b5713f1703cad3316d868 129002 
openswan_2.6.26+dfsg-1.debian.tar.gz
 d0af2e9bfcef857f328f6c396abd2fbbd90caf8c977a3bb421f09d9915b26fcc 1769782 
openswan-doc_2.6.26+dfsg-1_all.deb
 c375545d5651766795131f84ef1afca098c1ee3402becdafb78b42ca18ffa640 517262 
openswan-modules-source_2.6.26+dfsg-1_all.deb
 a3df9a356b31f7b0b6dcd1d57c275d1eb489d19245be2fb782f2f75e90bfd604 584990 
openswan-modules-dkms_2.6.26+dfsg-1_all.deb
 7f0b3d7bd2a73b9d1fffb7a444b45d98cdf2a9e416152ef77f1ace49de7425ea 1084126 
openswan_2.6.26+dfsg-1_amd64.deb
 b3f3b4598be3aa67ada39873ba90fe73cfc0ff78f37f2efd83590d66ce314e93 1095310 
openswan-dbg_2.6.26+dfsg-1_amd64.deb
Files: 
 36cc5df441b3920437fd2a4ae1a4d62e 1477 net optional openswan_2.6.26+dfsg-1.dsc
 e9293941658c2f655a0ad44ae4cb449f 11426481 net optional 
openswan_2.6.26+dfsg.orig.tar.gz
 75a77ef6de65ba21700ad279b7f8e714 129002 net optional 
openswan_2.6.26+dfsg-1.debian.tar.gz
 abf3aa47a1830bfe17a0272d9c5542ca 1769782 doc optional 
openswan-doc_2.6.26+dfsg-1_all.deb
 c0ce270f7e145cb3dc0f803777662aba 517262 kernel optional 
openswan-modules-source_2.6.26+dfsg-1_all.deb
 42bdd70a83e8dfab916b9c2f3497e84a 584990 kernel optional 
openswan-modules-dkms_2.6.26+dfsg-1_all.deb
 7f2a4fb16003d39a79236171b233c979 1084126 net optional 
openswan_2.6.26+dfsg-1_amd64.deb
 0a55a97b57e2b1e1e41e5e865613d916 1095310 debug extra 
openswan-dbg_2.6.26+dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwEPkIACgkQq7SPDcPCS97oPACeMjnN+0m/kqioyCNe7RYR1Csr
uE8AoLKZi/h8GwxbVyOBRM+tn+SQxlqF
=swSV
-----END PGP SIGNATURE-----

--- End Message ---

Bug#575757: marked as done (openswan: showhostkey segfault with 3DES-encrypted host key)

Reply via email to