Bug#934327: libreswan: addconn crash on ipsec.conf
Version: 4.1-1
Control: tags 934327 + moreinfo

On Fri 2019-09-27 20:50:33 +, Ray Klassen wrote:
> Further on this. It seems to relate to having esp= in the default
> 'conn' and overriding it with phase2alg= in a specific 'conn.' I had
> that crash again on another router and after using phase2alg in both
> stanzas the problem went away.

I'm not sure how to replicate this bug report, and perhaps it has been
fixed in 4.1-1. I'm closing this while also asking for more information.

If you can replicate it with 4.1-1, please provide a sample configuration
snippet that we can use to replicate the problem, and reopen the bug
report (I'm happy to reopen it for you if you aren't sure how to do that).

All the best,

        --dkg
Bug#934327: libreswan: addconn crash on ipsec.conf
On 2019-08-10 6:34 a.m., Bernhard Übelacker wrote:
> Hello Ray Klassen,
> without deeper knowledge of libreswan I tried to reproduce
> this issue, but it did not show up for me.
>
> It might be possible to install the package systemd-coredump.
> Then a backtrace should be printed in the journal when you
> repeat the checkconfig, which you could forward to this bug.
>
> Additionally the backtrace would contain more function names
> when the matching debug symbols are installed as described in [1].
> This page might give some more pointers on how to retrieve more
> information from that issue.
>
> Kind regards,
> Bernhard
>
> [1] https://wiki.debian.org/HowToGetABacktrace#Installing_the_debugging_symbols

Further on this. It seems to relate to having esp= in the default 'conn'
and overriding it with phase2alg= in a specific 'conn.' I had that crash
again on another router and after using phase2alg in both stanzas the
problem went away.

--
Ray Klassen
IT Manager
Communitas Supportive Care Society
Office 604 850 6608 x331
Mobile 604 308 6215
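A check for the keyword mix described in the follow-up above, added here as an example (not libreswan or Debian code): it flags any conn that sets esp= or phase2alg= while conn %default sets the other one, so the pattern can be found across several routers before addconn runs. The sample file is constructed and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the follow-up report, not the reporter's file.
SAMPLE = """\
conn %default
    ike=aes256-sha2_512;modp1024
    esp=aes256-sha2_512;modp1024

conn site1
    # overrides the default using the other keyword
    phase2alg=aes256-sha2_512;modp1024

conn site2
    esp=aes256-sha2_512;modp1024
"""

PHASE2_KEYS = {"esp", "phase2alg"}

def parse_conns(text):
    """Return {conn_name: {key: value}} for the conn sections of an ipsec.conf."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        header = re.match(r"^conn\s+(\S+)\s*$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif not line[0].isspace():
            current = None                     # "config setup" or another section
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def mixed_phase2_keywords(text):
    """List (conn, keyword_in_conn, keyword_in_default) where the two differ."""
    conns = parse_conns(text)
    default_keys = PHASE2_KEYS.intersection(conns.get("%default", {}))
    findings = []
    for name, opts in conns.items():
        if name != "%default":
            for key in sorted(PHASE2_KEYS.intersection(opts)):
                findings += [(name, key, d) for d in sorted(default_keys - {key})]
    return findings

if __name__ == "__main__":
    for conn, key, dkey in mixed_phase2_keywords(SAMPLE):
        print(f"conn {conn}: {key}= overrides {dkey}= from conn %default")
```

A conn flagged here can be rewritten to use the same keyword as %default, which is the workaround the reporter describes.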
Bug#934327: libreswan: addconn crash on ipsec.conf
Hello Ray Klassen,
without deeper knowledge of libreswan I tried to reproduce
this issue, but it did not show up for me.

It might be possible to install the package systemd-coredump.
Then a backtrace should be printed in the journal when you
repeat the checkconfig, which you could forward to this bug.

Additionally the backtrace would contain more function names
when the matching debug symbols are installed as described in [1].
This page might give some more pointers on how to retrieve more
information from that issue.

Kind regards,
Bernhard

[1] https://wiki.debian.org/HowToGetABacktrace#Installing_the_debugging_symbols
Bug#934327: libreswan: addconn crash on ipsec.conf
Package: libreswan
Version: 3.27-6
Severity: important

Dear Maintainer,

upgraded to buster from jessie

systemctl start ipsec reported a failure

narrowed the cause down to addconn crashing as invoked by ipsec.service

ran:
    /usr/lib/ipsec/addconn --config ./ipsec.conf.nioffice --checkconfig

result:
    free(): double free detected in tcache 2
    Aborted

downloaded the libreswan-3.29 tarball from libreswan wiki and created
debian package using make deb.

installed 3.29 version deb and problem went away.

copied up problem ipsec.conf to router running the stock buster 3.27 and
ran addconn --checkconfig against it with the same result.

narrowed it down to two lines in the last 'conn' as below with all
irrelevant info omitted.

    conn %default
        ike=aes256-sha2_512;modp1024
        phase2alg=aes256-sha2_512;modp1024

    conn site1
        ike=aes256-sha2_512;modp1024
        phase2alg=aes256-sha2_512;modp1024

    conn site2
        ike=aes256-sha2_512;modp1024
        phase2alg=aes256-sha2_512;modp1024

as the default wasn't really the default anymore, I moved the identical
site1 and site2 lines into %default and removed them from the 'site'
conns and addconn --checkconfig worked fine. But it really should have
been able to parse the original ipsec.conf.

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.19.0-5-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libreswan depends on:
ii  bind9-host [host]        1:9.11.5.P4+dfsg-5.1
ii  bsdmainutils             11.1.2+b1
ii  debconf [debconf-2.0]    1.5.71
ii  dns-root-data            2019031302
ii  host                     1:9.10.3.dfsg.P4-12.3+deb9u5
ii  iproute2                 4.20.0-2
ii  iptables                 1.8.2-4
ii  libaudit1                1:2.8.4-3
ii  libc6                    2.28-10
ii  libcap-ng0               0.7.9-2
ii  libcurl3-nss             7.64.0-4
ii  libevent-2.1-6           2.1.8-stable-4
ii  libevent-pthreads-2.1-6  2.1.8-stable-4
ii  libldap-2.4-2            2.4.47+dfsg-3
ii  libldns2                 1.7.0-4
ii  libnspr4                 2:4.20-1
ii  libnss3                  2:3.42.1-1
ii  libnss3-tools            2:3.42.1-1
ii  libpam0g                 1.3.1-5
ii  libselinux1              2.8-1+b1
ii  libsystemd0              241-5
ii  libunbound8              1.9.0-2
ii  systemd                  241-5

Versions of packages libreswan recommends:
ii  python3  3.7.3-1

libreswan suggests no packages.

-- Configuration Files:
/etc/init.d/ipsec [Errno 2] No such file or directory: '/etc/init.d/ipsec'
/etc/ipsec.conf changed [not included]
/etc/ipsec.d/policies/block changed [not included]
/etc/ipsec.d/policies/clear changed [not included]
/etc/ipsec.d/policies/clear-or-private changed [not included]
/etc/ipsec.d/policies/private changed [not included]
/etc/ipsec.d/policies/private-or-clear changed [not included]
/etc/ipsec.secrets changed [not included]

-- no debconf information