RHEL-68047

Crash on accessing keys while re-reading secrets

    • Bug
    • Resolution: Unresolved
    • Major
    • rhel-9.6
    • rhel-9.0.0.z
    • libreswan
    • None
    • No
    • Important
    • ZStream
    • rhel-sst-security-crypto
    • ssg_security
    • None
    • False
    • Approved Blocker

      What were you trying to do that didn't work?

      Libreswan crashed after execution of ipsec --rereadsecrets
      Upstream issue: https://github.com/libreswan/libreswan/issues/1894

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      Reproduced with the following Libreswan 4.6 build: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=65928255
      But it's just a normal 4.6 build with a few unrelated changes on top.

      How reproducible is this bug?:

      Not frequently. Took about 14 hours of running the OVS's reconciliation test to reproduce. But there must be an easier way to reproduce.

      Steps to reproduce

      1.  Call ipsec --rereadsecrets while a connection is establishing.

      Expected results

      Normal operation.

      Actual results

      Crash.

      Thread 6 "pluto" received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7f8db2cdf640 (LWP 788628)]
      0x000055be0f6b249f in v2_auth_signature (logger=0x55be112ff620, 
          hash_to_sign=hash_to_sign@entry=0x55be113216d0, 
          hash_algo=0x55be0f82f140 <ike_alg_hash_sha2_512>, 
          auth_method=<optimized out>, pks=0x55be112fada0)
          at /usr/src/debug/libreswan-4.6-3.el9_0.3.x86_64/programs/pluto/ikev2_auth.c:297
      297             struct hash_signature sig = pks->pubkey_type->sign_hash(pks,
      
      (gdb) #0  0x000055be0f6b249f in v2_auth_signature (logger=0x55be112ff620, 
          hash_to_sign=hash_to_sign@entry=0x55be113216d0, 
          hash_algo=0x55be0f82f140 <ike_alg_hash_sha2_512>, 
          auth_method=<optimized out>, pks=0x55be112fada0)
          at /usr/src/debug/libreswan-4.6-3.el9_0.3.x86_64/programs/pluto/ikev2_auth.c:297
      #1  0x000055be0f6b2e80 in v2_auth_signature_computer (logger=<optimized out>, 
          task=0x55be113216d0, unused_my_thread=<optimized out>)
          at /usr/src/debug/libreswan-4.6-3.el9_0.3.x86_64/programs/pluto/ikev2_auth_helper.c:102
      #2  0x000055be0f6ef9d5 in do_job (job=0x55be112ff540, helper_id=5)
          at /usr/src/debug/libreswan-4.6-3.el9_0.3.x86_64/programs/pluto/server_pool.c:181
      #3  0x000055be0f6eff15 in helper_thread (arg=0x55be112eeba0)
          at /usr/src/debug/libreswan-4.6-3.el9_0.3.x86_64/programs/pluto/server_pool.c:252
      #4  0x00007f8db6289c02 in start_thread (arg=<optimized out>)
          at pthread_create.c:443
      #5  0x00007f8db630ec40 in clone3 ()
          at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      The issue is fixed upstream on v5 with: https://github.com/libreswan/libreswan/commit/a382a26d1dd9787204a847a531a2b79370a30f17
      However, there might be other relevant commits preceding this one required for the fix, specifically ones related to passing around secret_pubkey_stuff as a pointer.

      Full debug logs attached as an archive. Full stack trace is in node-13/gdb.out.

              dueno@redhat.com Daiki Ueno
              imaximet@redhat.com Ilya Maximets
              Daiki Ueno
              Ondrej Moris
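
A sketch of the lifetime rule this report points at, as an added example that is not libreswan code and not part of the report: a queued signing job holds its own reference to the key, so a reread that replaces the stored secrets cannot free the key under the helper thread. It assumes the crash comes from `pks` outliving the secrets released by the reread (the report does not state the root cause); `key_stuff`, `reread_secrets`, `job_submit` and `job_run` are hypothetical names, and the reread-during-job ordering is simulated on one thread.

```c
/* Added example with hypothetical names; not libreswan code. */
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

struct key_stuff {                 /* stand-in for the key a helper signs with */
    atomic_int refcnt;
    int generation;                /* which load of the secrets produced it */
    int (*sign_hash)(const struct key_stuff *, int hash);
};
static int live_keys;              /* allocated and not yet freed */
static struct key_stuff *current;  /* reference owned by the secrets store */
static int toy_sign(const struct key_stuff *k, int hash) { return hash ^ k->generation; }
static void key_delref(struct key_stuff **kp) {
    struct key_stuff *k = *kp;
    *kp = NULL;
    if (k != NULL && atomic_fetch_sub(&k->refcnt, 1) == 1) {
        free(k);                   /* last holder frees */
        live_keys--;
    }
}
/* Reread: the store drops its reference and loads fresh keys. */
static void reread_secrets(int generation) {
    key_delref(&current);
    current = calloc(1, sizeof(*current));
    if (current == NULL) abort();
    atomic_init(&current->refcnt, 1);
    current->generation = generation;
    current->sign_hash = toy_sign;
    live_keys++;
}
/* Main thread queues a signing job; the job takes its own reference. */
static struct key_stuff *job_submit(void) {
    atomic_fetch_add(&current->refcnt, 1);
    return current;
}
/* Helper thread runs the job later, possibly after a reread. */
static int job_run(struct key_stuff **job_key, int hash) {
    int sig = (*job_key)->sign_hash(*job_key, hash);
    key_delref(job_key);
    return sig;
}
int main(void) {
    reread_secrets(1);
    struct key_stuff *job = job_submit();
    reread_secrets(2);             /* reread while the job is pending */
    printf("sig=%d\n", job_run(&job, 16));
    return 0;
}
```

Without the reference taken in `job_submit`, the second `reread_secrets` call would free the key the pending job still points at.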