[strongSwan-dev] strongswan attestation imv crashing on ppc64
Andreas Steffen
andreas.steffen at strongswan.org
Wed Jan 21 23:58:18 CET 2015
Hi Avesh,
I fixed the bug with the following commit:
http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=ecf605c6e1212b90787feac659845828b65ee39e
Thanks
Andreas
On 01/21/2015 10:32 PM, Avesh Agarwal wrote:
> On Wed, Jan 21, 2015 at 12:56 PM, Avesh Agarwal <avesh.ncsu at gmail.com
> <mailto:avesh.ncsu at gmail.com>> wrote:
>
> Hi,
>
> While testing attestation imv on ppc64, it generates following core
> dump:
>
> Core was generated by `/usr/libexec/strongswan/charon --use-syslog '.
> Program terminated with signal 6, Aborted.
> #0 0x00003fffaaf4fed0 in __GI_raise (sig=<optimized out>) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> 56 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
> (gdb) bt
> #0 0x00003fffaaf4fed0 in __GI_raise (sig=<optimized out>) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> #1 0x00003fffaaf51f14 in __GI_abort () at abort.c:90
> #2 0x0000000057902a50 in segv_handler (signal=<optimized out>) at
> charon.c:199
> #3 <signal handler called>
> #4 trusted_enumerate (this=0x3fff98003b60, cert=<optimized out>,
> auth=0x50) at credentials/credential_manager.c:872
> #5 0x00003fffa95d87a8 in imv_attestation_process (attr=<optimized
> out>, out_msg=<optimized out>, state=0x3fff5c001740,
> supported_algorithms=<optimized out>,
> supported_dh_groups=<optimized out>, pts_db=<optimized out>,
> pts_credmgr=0x1002fcea670) at imv_attestation_process.c:201
> #6 0x00003fffa95d6400 in receive_msg
> (this=this at entry=0x1002fce6db0, state=0x3fff5c001740,
> in_msg=in_msg at entry=0x3fff98000d80) at imv_attestation_agent.c:291
> #7 0x00003fffa95d6900 in receive_message_long (this=0x1002fce6db0,
> id=<optimized out>, src_imc_id=2, dst_imv_id=2, msg_vid=21911,
> msg_subtype=1, msg=...)
> at imv_attestation_agent.c:357
> #8 0x00003fffa95d30f8 in TNC_IMV_ReceiveMessageLong
> (imv_id=<optimized out>, connection_id=<optimized out>,
> msg_flags=<optimized out>, msg=<optimized out>, msg_len=<optimized
> out>,
> msg_vid=<optimized out>, msg_subtype=<optimized out>,
> src_imc_id=<optimized out>, dst_imv_id=2) at
> ../../../../src/libimcv/imv/imv_if.h:106
> #9 0x00003fffa975500c in receive_message (this=0x1002fce1440,
> connection_id=1, excl=<optimized out>, msg=0x3fff980018c0 "\001",
> msg_len=846, msg_vid=21911, msg_subtype=1,
> src_imc_id=2, dst_imv_id=2) at tnc_imv_manager.c:364
> #10 0x00003fffa96e6c38 in handle_ietf_message (msg=<optimized out>,
> this=<optimized out>) at tnccs_20.c:288
> #11 handle_message (msg=<optimized out>, this=<optimized out>) at
> tnccs_20.c:510
> #12 process (this=0x3fff640009d0, buf=<optimized out>,
> buflen=<optimized out>) at tnccs_20.c:620
> #13 0x00003fffa97e4354 in assess (this=0x3fff64000d30,
> this=0x3fff64000d30, tnccs=0x3fff640009d0) at pt_tls_server.c:433
> #14 handle (this=0x3fff64000d30) at pt_tls_server.c:489
> #15 0x00003fffa9842858 in pt_tls_receive_more (this=<optimized out>,
> fd=<optimized out>, event=<optimized out>) at tnc_pdp.c:627
> #16 0x00003fffab37f5d4 in notify_async (data=0x3fff8c000970) at
> processing/watcher.c:152
> #17 0x00003fffab37cdc4 in execute (this=<optimized out>) at
> processing/jobs/callback_job.c:77
> #18 0x00003fffab37e1e0 in process_job (worker=0x1002fcfc200,
> this=0x1002fca5670) at processing/processor.c:235
> #19 process_jobs (worker=0x1002fcfc200) at processing/processor.c:321
> #20 0x00003fffab393d14 in thread_main (this=0x1002fcfc830) at
> threading/thread.c:312
> #21 0x00003fffab13c26c in start_thread (arg=0x3fffa849f1d0) at
> pthread_create.c:310
> #22 0x00003fffab028080 in .__clone () at
> ../sysdeps/unix/sysv/linux/powerpc/powerpc64/clone.S:111
>
> This issue does not happen on x86_64.
>
> Thanks and Regards
> Avesh
>
>
> Hi,
>
> This issue happens because of unused and unallocated "auth_cfg_t **auth"
> input parameter passed to function trusted_enumerate in
> src/libstrongswan/credentials/credential_manager.c.
>
> I have prepared a following patch to address this issue:
>
> diff -urNp
> strongswan-5.2.2/src/libstrongswan/credentials/credential_manager.c
> strongswan-5.2.2-patched/src/libstrongswan/credentials/credential_manager.c
> ---
> strongswan-5.2.2/src/libstrongswan/credentials/credential_manager.c
> 2014-08-30 07:00:32.000000000 -0400
> +++
> strongswan-5.2.2-patched/src/libstrongswan/credentials/credential_manager.c
> 2015-01-21 16:25:29.333956663 -0500
> @@ -836,7 +836,7 @@ typedef struct {
> } trusted_enumerator_t;
>
> METHOD(enumerator_t, trusted_enumerate, bool,
> - trusted_enumerator_t *this, certificate_t **cert, auth_cfg_t **auth)
> + trusted_enumerator_t *this, certificate_t **cert)
> {
> certificate_t *current;
>
> @@ -867,10 +867,6 @@ METHOD(enumerator_t, trusted_enumerate,
> this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT,
>
> this->pretrusted->get_ref(this->pretrusted));
> }
> - if (auth)
> - {
> - *auth = this->auth;
> - }
> return TRUE;
> }
> }
> @@ -896,10 +892,6 @@ METHOD(enumerator_t, trusted_enumerate,
> this->online))
> {
> *cert = current;
> - if (auth)
> - {
> - *auth = this->auth;
> - }
> return TRUE;
> }
> this->failed->insert_last(this->failed, current->get_ref(current));
>
> Would appreciate any feedback with this.
>
> Thanks and Regards
> Avesh
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4255 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20150121/d6efd608/attachment-0001.bin>
More information about the Dev
mailing list