[Touch-packages] [Bug 1899103] Re: libpam-cap causes PAM applications to crash
** Changed in: libcap2 (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcap2 in Ubuntu. https://bugs.launchpad.net/bugs/1899103 Title: libpam-cap causes PAM applications to crash Status in libcap2 package in Ubuntu: Triaged Bug description: Install ocserv and setup for PAM authentication. On second connection, ocserv crashes due to a double free in PAM. Repro steps: 1. Create Dockerfile that installs ocserv + libpam-cap ``` FROM ubuntu:20.04 RUN apt update && apt install -y ocserv libpam-cap && apt autoremove && apt clean COPY server-cert.pem /etc/ssl/ocserv_test.cert COPY server-key.pem /etc/ssl/ocserv_test.key COPY ca-cert.pem /etc/ssl/certs/ssl-cert-snakeoil.pem COPY ocserv.conf /etc/ocserv/ocserv.conf RUN useradd test RUN echo "test\ntest" | passwd test ENV MALLOC_CHECK_=3 CMD ocserv -f -d 1 ``` 2. Build container: ``` sudo docker build -t ocserv:20.04 . ``` 3. Launch container: ``` docker run -p 443:443/tcp -p 443:443/udp -it --rm --device /dev/net/tun --cap-add net_admin ocserv:20.04 ``` 4. From another console, connect / disconnect: ``` while true; do echo test | openconnect https://localhost -u test --passwd-on-stdin --servercert pin-sha256:qBLVTyoXiFdn+0pW+eSGqnVCEnMbLigVf5vAl1ZewW4= --background && sleep 2 && pkill openconnect && sleep 2;done ``` 5. ocserv crashes: free(): invalid pointer ocserv[8]: main: main-sec-mod-cmd.c:106: command socket for sec-mod closed ocserv[8]: main: main.c:1179: error in command from sec-mod ocserv[8]: main: termination request received; waiting for children to die For more details see: https://gitlab.com/openconnect/ocserv/-/issues/361 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1899103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1899103] Re: libpam-cap causes PAM applications to crash
** Changed in: libcap2 (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcap2 in Ubuntu. https://bugs.launchpad.net/bugs/1899103 Title: libpam-cap causes PAM applications to crash Status in libcap2 package in Ubuntu: Confirmed Bug description: Install ocserv and setup for PAM authentication. On second connection, ocserv crashes due to a double free in PAM. Repro steps: 1. Create Dockerfile that installs ocserv + libpam-cap ``` FROM ubuntu:20.04 RUN apt update && apt install -y ocserv libpam-cap && apt autoremove && apt clean COPY server-cert.pem /etc/ssl/ocserv_test.cert COPY server-key.pem /etc/ssl/ocserv_test.key COPY ca-cert.pem /etc/ssl/certs/ssl-cert-snakeoil.pem COPY ocserv.conf /etc/ocserv/ocserv.conf RUN useradd test RUN echo "test\ntest" | passwd test ENV MALLOC_CHECK_=3 CMD ocserv -f -d 1 ``` 2. Build container: ``` sudo docker build -t ocserv:20.04 . ``` 3. Launch container: ``` docker run -p 443:443/tcp -p 443:443/udp -it --rm --device /dev/net/tun --cap-add net_admin ocserv:20.04 ``` 4. From another console, connect / disconnect: ``` while true; do echo test | openconnect https://localhost -u test --passwd-on-stdin --servercert pin-sha256:qBLVTyoXiFdn+0pW+eSGqnVCEnMbLigVf5vAl1ZewW4= --background && sleep 2 && pkill openconnect && sleep 2;done ``` 5. ocserv crashes: free(): invalid pointer ocserv[8]: main: main-sec-mod-cmd.c:106: command socket for sec-mod closed ocserv[8]: main: main.c:1179: error in command from sec-mod ocserv[8]: main: termination request received; waiting for children to die For more details see: https://gitlab.com/openconnect/ocserv/-/issues/361 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1899103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1899103] Re: libpam-cap causes PAM applications to crash
Had not heard about this specifically before. Some bug fixes to pam_cap.so found by static analysis: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=954a5ce4fdf195e062909f2c921d8f915d2905b9 https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=552db8f4116df3fad4e4ebf90a9a05a77b9486fd Perhaps they address this problem? The more recent of these two appeared in libcap-2.50. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcap2 in Ubuntu. https://bugs.launchpad.net/bugs/1899103 Title: libpam-cap causes PAM applications to crash Status in libcap2 package in Ubuntu: Confirmed Bug description: Install ocserv and setup for PAM authentication. On second connection, ocserv crashes due to a double free in PAM. Repro steps: 1. Create Dockerfile that installs ocserv + libpam-cap ``` FROM ubuntu:20.04 RUN apt update && apt install -y ocserv libpam-cap && apt autoremove && apt clean COPY server-cert.pem /etc/ssl/ocserv_test.cert COPY server-key.pem /etc/ssl/ocserv_test.key COPY ca-cert.pem /etc/ssl/certs/ssl-cert-snakeoil.pem COPY ocserv.conf /etc/ocserv/ocserv.conf RUN useradd test RUN echo "test\ntest" | passwd test ENV MALLOC_CHECK_=3 CMD ocserv -f -d 1 ``` 2. Build container: ``` sudo docker build -t ocserv:20.04 . ``` 3. Launch container: ``` docker run -p 443:443/tcp -p 443:443/udp -it --rm --device /dev/net/tun --cap-add net_admin ocserv:20.04 ``` 4. From another console, connect / disconnect: ``` while true; do echo test | openconnect https://localhost -u test --passwd-on-stdin --servercert pin-sha256:qBLVTyoXiFdn+0pW+eSGqnVCEnMbLigVf5vAl1ZewW4= --background && sleep 2 && pkill openconnect && sleep 2;done ``` 5. ocserv crashes: free(): invalid pointer ocserv[8]: main: main-sec-mod-cmd.c:106: command socket for sec-mod closed ocserv[8]: main: main.c:1179: error in command from sec-mod ocserv[8]: main: termination request received; waiting for children to die For more details see: https://gitlab.com/openconnect/ocserv/-/issues/361 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1899103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1899103] Re: libpam-cap causes PAM applications to crash
I have this problem too. When I try to connect to it for the second time, it gives this error on the client-side: Got HTTP response: HTTP/1.1 401 Authentication failed Server 'example.com' requested Basic authentication which is disabled by default Failed to obtain WebVPN cookie And then the ocserv goes down on the server. If I add --http-auth=Basic option to openconnect, then it won't ask for password from me and gives the following error: Got HTTP response: HTTP/1.1 401 Authentication failed Content-Length: 0 HTTP body length: (0) No more authentication methods to try Failed to obtain WebVPN cookie -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcap2 in Ubuntu. https://bugs.launchpad.net/bugs/1899103 Title: libpam-cap causes PAM applications to crash Status in libcap2 package in Ubuntu: Confirmed Bug description: Install ocserv and setup for PAM authentication. On second connection, ocserv crashes due to a double free in PAM. Repro steps: 1. Create Dockerfile that installs ocserv + libpam-cap ``` FROM ubuntu:20.04 RUN apt update && apt install -y ocserv libpam-cap && apt autoremove && apt clean COPY server-cert.pem /etc/ssl/ocserv_test.cert COPY server-key.pem /etc/ssl/ocserv_test.key COPY ca-cert.pem /etc/ssl/certs/ssl-cert-snakeoil.pem COPY ocserv.conf /etc/ocserv/ocserv.conf RUN useradd test RUN echo "test\ntest" | passwd test ENV MALLOC_CHECK_=3 CMD ocserv -f -d 1 ``` 2. Build container: ``` sudo docker build -t ocserv:20.04 . ``` 3. Launch container: ``` docker run -p 443:443/tcp -p 443:443/udp -it --rm --device /dev/net/tun --cap-add net_admin ocserv:20.04 ``` 4. From another console, connect / disconnect: ``` while true; do echo test | openconnect https://localhost -u test --passwd-on-stdin --servercert pin-sha256:qBLVTyoXiFdn+0pW+eSGqnVCEnMbLigVf5vAl1ZewW4= --background && sleep 2 && pkill openconnect && sleep 2;done ``` 5. ocserv crashes: free(): invalid pointer ocserv[8]: main: main-sec-mod-cmd.c:106: command socket for sec-mod closed ocserv[8]: main: main.c:1179: error in command from sec-mod ocserv[8]: main: termination request received; waiting for children to die For more details see: https://gitlab.com/openconnect/ocserv/-/issues/361 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1899103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1899103] Re: libpam-cap causes PAM applications to crash
Confirmed the issue ** Changed in: libcap2 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libcap2 in Ubuntu. https://bugs.launchpad.net/bugs/1899103 Title: libpam-cap causes PAM applications to crash Status in libcap2 package in Ubuntu: Confirmed Bug description: Install ocserv and setup for PAM authentication. On second connection, ocserv crashes due to a double free in PAM. Repro steps: 1. Create Dockerfile that installs ocserv + libpam-cap ``` FROM ubuntu:20.04 RUN apt update && apt install -y ocserv libpam-cap && apt autoremove && apt clean COPY server-cert.pem /etc/ssl/ocserv_test.cert COPY server-key.pem /etc/ssl/ocserv_test.key COPY ca-cert.pem /etc/ssl/certs/ssl-cert-snakeoil.pem COPY ocserv.conf /etc/ocserv/ocserv.conf RUN useradd test RUN echo "test\ntest" | passwd test ENV MALLOC_CHECK_=3 CMD ocserv -f -d 1 ``` 2. Build container: ``` sudo docker build -t ocserv:20.04 . ``` 3. Launch container: ``` docker run -p 443:443/tcp -p 443:443/udp -it --rm --device /dev/net/tun --cap-add net_admin ocserv:20.04 ``` 4. From another console, connect / disconnect: ``` while true; do echo test | openconnect https://localhost -u test --passwd-on-stdin --servercert pin-sha256:qBLVTyoXiFdn+0pW+eSGqnVCEnMbLigVf5vAl1ZewW4= --background && sleep 2 && pkill openconnect && sleep 2;done ``` 5. ocserv crashes: free(): invalid pointer ocserv[8]: main: main-sec-mod-cmd.c:106: command socket for sec-mod closed ocserv[8]: main: main.c:1179: error in command from sec-mod ocserv[8]: main: termination request received; waiting for children to die For more details see: https://gitlab.com/openconnect/ocserv/-/issues/361 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcap2/+bug/1899103/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
