On Mon, Jun 17, 2013 at 04:05:18PM +0200, Alberto Gonzalez Iniesta wrote:
> On Mon, Jun 17, 2013 at 01:51:13PM +0200, Gert Doering wrote:
> > Hi,
> >
> > On Mon, Jun 17, 2013 at 01:00:03PM +0200, Alberto Gonzalez Iniesta wrote:
> > > I applied the fix for CVE-2013-2061 [0] to Debian's stable version of
> > > openvpn (2.2.1) [1]. When the new package was sent to the mirrors I got
> > > a couple of reports of broken VPNs [2]. After some testing I think the
> > > problem arises with the use of "multihome" option. The server daemon
> > > starts to log lots of these:
> > > Jun 17 12:43:52 srv ovpn-srv[31073]: write UDPv4 []: Invalid argument
> > > (code=22)
> > > Jun 17 12:43:53 srv ovpn-srv[31073]: write UDPv4 []: Invalid argument
> > > (code=22)
> > >
> > > If the "multihome" option is removed, the VPN comes back to live.
> > >
> > > Could a patch to fix this be made or should we go back to 2.2.1 without
> > > the patch to fix CVE-2013-2061?
> >
> > This patch is most definitely not affecting multihome. If you look at
> > the patch, there is nothing in there that could affect external behaviour
> > (except remove the timing variance).
> >
>
> Thanks Gert,
>
> I compiled the package without the patch now, and get the same (bogus)
> result. Somethigng must have changed in the build environment that
> breaks this. Will investigate further.
Does this strace output help?
>From working build:
sendmsg(6, {msg_name(16)={sa_family=AF_INET, sin_port=htons(33497),
sin_addr=inet_addr("62.82.17.220")},
msg_iov(1)=[{"h\22\260\274\377\244\300\234G\5,\256\376d\5+
\274\264V\260\20\201\tNO\202\271\354\351E}\322"...,
124}], msg_controllen=28, {cmsg_len=28, cmsg_level=SOL_IP, cmsg_type=, ...},
msg_flags=0}, 0) = 124
poll([{fd=6, events=POLLIN|POLLPRI}, {fd=7, events=POLLIN|POLLPRI}], 2, 4037) =
1 ([{fd=6, revents=POLLIN}])
>From failing build:
sendmsg(6, {msg_name(16)={sa_family=AF_INET, sin_port=htons(33497),
sin_addr=inet_addr("62.82.17.220")},
msg_iov(1)=[{">]\253^\16\330\226\202\3\350\31\31tC\247\352\244\10\0-
(\363\377\364\2077\360h\215\333\216{"..., 124}],
msg_controllen=28, {cmsg_len=662516248, cmsg_level=SOL_IP, cmsg_type=, ...},
msg_flags=0}, 0) = -1 EINVAL (Invalid argument)
recvmsg(6, 0x7fff5686b060, MSG_ERRQUEUE) = -1 EAGAIN (Resource temporarily
unavailable)
Seems like "cmsg_len" went nuts...
Again, only happens with multihome, if that helps...
--
Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred | http://inittab.com
Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
