[strongSwan] Charon reset
Ken Nelson
ken at cazena.com
Mon Mar 9 19:47:44 CET 2015
Before receiving your reply, I set ikelifetime=15m and reran the test, not thinking/knowing to reset rekeymargin/rekeyfuzz. Received SIGSEGV in a different area of the code very shortly after bringing the tunnel up. Some details are here:
Core was generated by `/usr/libexec/strongswan/charon --use-syslog'.
Program terminated with signal 6, Aborted.
#0 0x00007fc1d8f87625 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install libidn-1.18-2.el6.x86_64
(gdb) bt
#0 0x00007fc1d8f87625 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007fc1d8f88e05 in abort () at abort.c:92
#2 0x0000000000401393 in segv_handler (signal=11) at charon.c:199
#3 <signal handler called>
#4 0x00007fc1d92e4ed8 in main_arena () from /lib64/libc-2.12.so
#5 0x00007fc1d390e7c0 in has_subject (this=0x179bdd0, subject=0x7fc1bc002660) at x509_cert.c:1555
#6 0x00007fc1d9e2f945 in certs_filter (data=0x7fc1bc002750, in=0x7fc1ce5b3af8, out=0x7fc1ce5b3ba8)
at credentials/sets/mem_cred.c:114
#7 0x00007fc1d9e21a55 in enumerate_filter (this=0x7fc1bc002370, o1=0x7fc1ce5b3ba8, o2=0x7fc1d9e21ce0, o3=0x20000000,
o4=0x7fc1bc000088, o5=0x1) at collections/enumerator.c:525
#8 0x00007fc1d9e21953 in enumerate_nested (this=0x7fc1bc002300, v1=0x7fc1ce5b3ba8, v2=0x7fc1d9e21ce0, v3=0x20000000,
v4=0x7fc1bc000088, v5=0x1) at collections/enumerator.c:448
#9 0x00007fc1d9e2e5c0 in get_cert (this=<value optimized out>, cert=<value optimized out>, key=<value optimized out>,
id=<value optimized out>, trusted=<value optimized out>) at credentials/credential_manager.c:269
#10 0x00007fc1d99cb535 in process_certreq (this=0x7fc1b4006330, message=<value optimized out>)
at sa/ikev2/tasks/ike_cert_pre.c:85
#11 process_certreqs (this=0x7fc1b4006330, message=<value optimized out>) at sa/ikev2/tasks/ike_cert_pre.c:142
#12 0x00007fc1d99cbacb in process_i (this=0x7fc1b4006330, message=0x7fc1bc0010d0) at sa/ikev2/tasks/ike_cert_pre.c:524
#13 0x00007fc1d99c1bce in process_response (this=0x7fc1b4006140, msg=0x7fc1bc0010d0) at sa/ikev2/task_manager_v2.c:538
#14 process_message (this=0x7fc1b4006140, msg=0x7fc1bc0010d0) at sa/ikev2/task_manager_v2.c:1217
#15 0x00007fc1d99b59e7 in process_message (this=0x7fc1b4006e50, message=0x7fc1bc0010d0) at sa/ike_sa.c:1268
#16 0x00007fc1d99b0d17 in execute (this=0x7fc1bc000a60) at processing/jobs/process_message_job.c:74
#17 0x00007fc1d9e39079 in process_job (worker=0x1796270) at processing/processor.c:235
#18 process_jobs (worker=0x1796270) at processing/processor.c:321
#19 0x00007fc1d9e4918e in thread_main (this=0x17968e0) at threading/thread.c:312
#20 0x00007fc1d94f49d1 in start_thread (arg=0x7fc1ce5b4700) at pthread_create.c:301
#21 0x00007fc1d903d9dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(gdb) up
#1 0x00007fc1d8f88e05 in abort () at abort.c:92
92 raise (SIGABRT);
(gdb)
#2 0x0000000000401393 in segv_handler (signal=11) at charon.c:199
199 abort();
(gdb)
#3 <signal handler called>
(gdb)
#4 0x00007fc1d92e4ed8 in main_arena () from /lib64/libc-2.12.so
(gdb) list
194 backtrace->log(backtrace, NULL, TRUE);
195 backtrace->log(backtrace, stderr, TRUE);
196 backtrace->destroy(backtrace);
197
198 DBG1(DBG_DMN, "killing ourself, received critical signal");
199 abort();
200 }
201
202 /**
203 * Check/create PID file, return TRUE if already running
(gdb) up
#5 0x00007fc1d390e7c0 in has_subject (this=0x179bdd0, subject=0x7fc1bc002660) at x509_cert.c:1555
1555 enumerator = this->subjectAltNames->create_enumerator(this->subjectAltNames);
(gdb) p this
$1 = (private_x509_cert_t *) 0x179bdd0
(gdb) p *this
$2 = {public = {interface = {interface = {get_type = 0x7fc1d3908ad0 <get_type>,
get_subject = 0x7fc1d3908ae0 <get_subject>, has_subject = 0x7fc1d390e780 <has_subject>,
get_issuer = 0x7fc1d3908af0 <get_issuer>, has_issuer = 0x7fc1d3908b00 <has_issuer>,
issued_by = 0x7fc1d39090a0 <issued_by>, get_public_key = 0x7fc1d3908b10 <get_public_key>,
get_validity = 0x7fc1d3909030 <get_validity>, get_encoding = 0x7fc1d3908cb0 <get_encoding>,
equals = 0x7fc1d390e930 <equals>, get_ref = 0x7fc1d3908fa0 <get_ref>, destroy = 0x7fc1d3909780 <destroy>},
get_flags = 0x7fc1d3908b30 <get_flags>, get_serial = 0x7fc1d3908b40 <get_serial>,
get_subjectKeyIdentifier = 0x7fc1d3908b50 <get_subjectKeyIdentifier>,
get_authKeyIdentifier = 0x7fc1d3908bb0 <get_authKeyIdentifier>,
get_constraint = 0x7fc1d3908bc0 <get_constraint>,
create_subjectAltName_enumerator = 0x7fc1d3908c20 <create_subjectAltName_enumerator>,
create_crl_uri_enumerator = 0x7fc1d3908c40 <create_crl_uri_enumerator>,
create_ocsp_uri_enumerator = 0x7fc1d3908c30 <create_ocsp_uri_enumerator>,
create_ipAddrBlock_enumerator = 0x7fc1d3908c50 <create_ipAddrBlock_enumerator>,
create_name_constraint_enumerator = 0x7fc1d3908c60 <create_name_constraint_enumerator>,
create_cert_policy_enumerator = 0x7fc1d3908c90 <create_cert_policy_enumerator>,
create_policy_mapping_enumerator = 0x7fc1d3908ca0 <create_policy_mapping_enumerator>}}, encoding = {ptr = 0x0,
len = 0}, encoding_hash = {ptr = 0x0, len = 0}, tbsCertificate = {
ptr = 0x179c5a4 "0\202\003Ƞ\003\002\001\002\002\001\001\060\r\006\t*\206H\206\367\r\001\001\005\005", len = 972},
version = 3, serialNumber = {ptr = 0x179c5af "\001\060\r\006\t*\206H\206\367\r\001\001\005\005", len = 1},
issuer = 0x179ccd0, notBefore = 1421442360, notAfter = 1737061560, subject = 0x179cdd0, subjectAltNames = 0x179bfa0,
crl_uris = 0x179c060, ocsp_uris = 0x179c120, ipAddrBlocks = 0x179c1e0, permitted_names = 0x179c2a0,
excluded_names = 0x179c360, cert_policies = 0x179c420, policy_mappings = 0x179c4e0, public_key = 0x179d0a0,
subjectKeyIdentifier = {
ptr = 0x179c94f "\235\006&%\254*\236r\277\376\270g~x?\264(\365@\300\060\v\006\003U\035\017\004\004\003\002\001\006\060\r\006\t*\206H\206\367\r\001\001\005\005", len = 20}, authKeyIdentifier = {ptr = 0x0, len = 0},
authKeySerialNumber = {ptr = 0x0, len = 0}, pathLenConstraint = 255 '\377', require_explicit = 255 '\377',
inhibit_mapping = 255 '\377', inhibit_any = 255 '\377', flags = 161, algorithm = 93, signature = {
ptr = 0x179c983 "", len = 513}, parsed = true, ref = 0}
(gdb) info threads
18 Thread 0x7fc1da273700 (LWP 24610) do_sigwait (set=<value optimized out>, sig=0x7ffff2b48488)
at ../sysdeps/unix/sysv/linux/sigwait.c:65
17 Thread 0x7fc1a7fff700 (LWP 24639) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:239
16 Thread 0x7fc1c4fa5700 (LWP 24627) pthread_cond_wait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
15 Thread 0x7fc1c59a6700 (LWP 24626) pthread_cond_wait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
14 Thread 0x7fc1c63a7700 (LWP 24625) pthread_cond_wait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
13 Thread 0x7fc1c6da8700 (LWP 24624) pthread_cond_wait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
12 Thread 0x7fc1c77a9700 (LWP 24623) pthread_cond_wait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
11 Thread 0x7fc1c81aa700 (LWP 24622) pthread_cond_wait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
10 Thread 0x7fc1c8bab700 (LWP 24621) pthread_cond_wait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
9 Thread 0x7fc1c95ac700 (LWP 24620) pthread_cond_wait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
8 Thread 0x7fc1c9fad700 (LWP 24619) pthread_cond_wait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
7 Thread 0x7fc1ca9ae700 (LWP 24618) pthread_cond_wait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
6 Thread 0x7fc1cb3af700 (LWP 24617) pthread_cond_wait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
5 Thread 0x7fc1cbdb0700 (LWP 24616) 0x00007fc1d9036453 in select () at ../sysdeps/unix/syscall-template.S:82
4 Thread 0x7fc1cc7b1700 (LWP 24615) 0x00007fc1d9036453 in select () at ../sysdeps/unix/syscall-template.S:82
3 Thread 0x7fc1cd1b2700 (LWP 24614) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:239
2 Thread 0x7fc1cdbb3700 (LWP 24613) pthread_cond_wait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
* 1 Thread 0x7fc1ce5b4700 (LWP 24612) 0x00007fc1d8f87625 in raise (sig=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
(gdb)
On Mar 9, 2015, at 10:23 AM, Martin Willi <martin at strongswan.org> wrote:
I will try to more quickly produce the crash by setting ikelifetime.
Is there a recommended (or minimum) value?
You may set it to 30s or so, but make sure to adjust
rekeymargin/rekeyfuzz accordingly.
(gdb) p *cert
$4 = {get_type = 0xd30fe0, get_subject = 0x7f5e631a9ed8 <main_arena+88>, has_subject = 0, get_issuer = 0,
has_issuer = 0x7f5e5d7cdb00 <has_issuer>, issued_by = 0x7f5e5d7ce0a0 <issued_by>,
get_public_key = 0x7f5e5d7cdb10 <get_public_key>, get_validity = 0x7f5e5d7ce030 <get_validity>,
get_encoding = 0x7f5e5d7cdcb0 <get_encoding>, equals = 0x7f5e5d7d3930 <equals>, get_ref = 0x7f5e5d7cdfa0 <get_ref>,
destroy = 0x7f5e5d7ce780 <destroy>}
That certificate instance is definitely corrupted, most likely a
reference counting issue.
http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=8ca9a67fa
You definitely should give that commit referenced by Tobias a try.
Either apply the patch manually to your build, or upgrade to at least
version 5.2.1.
Regards
Martin
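Added example, not part of the original thread and not strongSwan code: a small check of why ikelifetime has to be adjusted together with rekeymargin/rekeyfuzz. It assumes the rekey formula and defaults from the ipsec.conf documentation (rekeymargin=9m, rekeyfuzz=100%); the function names and the two conn sections are constructed for illustration.

```python
import re

# Defaults from the ipsec.conf documentation (assumed; the thread does not state them).
DEFAULTS = {"ikelifetime": "3h", "rekeymargin": "9m", "rekeyfuzz": "100%"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

# Constructed conn sections: the setting from the report, and one adjusted as advised.
CONN_15M = """
conn test
    ikelifetime=15m   # rekeymargin/rekeyfuzz left at defaults
"""
CONN_30S = """
conn test
    ikelifetime=30s
    rekeymargin=10s
    rekeyfuzz=50%
"""

def parse_time(value):
    """Convert an ipsec.conf time value ('30s', '15m', '3h', '1d') to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_conn(text):
    """Collect key=value settings from a conn section on top of the defaults."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def check(text):
    """Return (earliest, latest, ok) for the IKE_SA rekey window in seconds.

    rekeytime = lifetime - (margin + random(0, margin * fuzz));
    ok is False when the earliest possible rekey time is not positive.
    """
    s = parse_conn(text)
    lifetime = parse_time(s["ikelifetime"])
    margin = parse_time(s["rekeymargin"])
    fuzz = int(s["rekeyfuzz"].rstrip("%")) / 100
    earliest = lifetime - margin - int(margin * fuzz)
    latest = lifetime - margin
    return earliest, latest, earliest > 0

if __name__ == "__main__":
    for name, conn in (("15m, defaults", CONN_15M), ("30s, adjusted", CONN_30S)):
        print(name, check(conn))
```

With ikelifetime=15m and default margin and fuzz, the computed window starts below zero, which matches the tunnel being disturbed very shortly after coming up.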