I'm not really sure should I post it here, report a new bug, or report a bug to strongswan project directly.
I can reproduce this buffer overflow with 100% probability. It is a resource independent and strongswan fail as on t1.micro or at any instance with more resources.
Buffer overflow depends on a connections number (few hundreds - from 150 up to almost 400 - it depends on time between connections ).
# ipsec --version
Linux strongSwan U5.1.2/K3.13.0-79-generic
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
Hello Simon,
I'm not really sure should I post it here, report a new bug, or report a bug to strongswan project directly.
I can reproduce this buffer overflow with 100% probability. It is a resource independent and strongswan fail as on t1.micro or at any instance with more resources.
Buffer overflow depends on a connections number (few hundreds - from 150 up to almost 400 - it depends on time between connections ).
Some other resources usage: /www.dropbox. com/s/kqox2t2u8 6ws49c/ Screenshot% 202016- 02-27%2018. 51.01.png? dl=0 (green) /www.dropbox. com/s/vzah4itqm rioksn/ Screenshot% 202016- 02-27%2018. 50.45.png? dl=0 /www.dropbox. com/s/vkqf4ziuz 19m20f/ Screenshot% 202016- 02-27%2018. 50.18.png? dl=0 /www.dropbox. com/s/6kyt81lh4 wnmh5h/ Screenshot% 202016- 02-27%2018. 50.30.png? dl=0
* CPU load less than 50% on t1.micro and less than 10% on t1.lagre - https:/
* a lot of free memory - https:/
* about 1100 sockets are used - https:/
* write peak 90kB/sec (/var/log) - https:/
ipsec statusall before fail:
xd@test-vpn-01:~$ sudo ipsec statusall | head -4
Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-74-generic, x86_64):
uptime: 83 seconds, since Feb 27 18:02:36 2016
malloc: sbrk 4870144, mmap 0, used 4382032, free 488112
worker threads: 507 of 512 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 876
xd@test-vpn-01:~$ sudo ipsec statusall | head -4
Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-74-generic, x86_64):
uptime: 85 seconds, since Feb 27 18:02:36 2016
malloc: sbrk 4927488, mmap 0, used 4428240, free 499248
worker threads: 507 of 512 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 889
xd@test-vpn-01:~$ sudo ipsec statusall | head -4
Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-74-generic, x86_64):
uptime: 86 seconds, since Feb 27 18:02:36 2016
malloc: sbrk 4980736, mmap 0, used 4488352, free 492384
worker threads: 506 of 512 idle, 5/0/1/0 working, job queue: 0/0/0/0, scheduled: 897
xd@test-vpn-01:~$ sudo ipsec statusall | head -4
xd@test-vpn-01:~$ sudo ipsec statusall | head -4
# cat log.txt | grep -B 20 -A 20 'overflow' eap-loadtest[ 248] established between 172.31. 59.95[CN= srv, OU=load-test, O=strongSwan] ...172. 31.62.150[ loadtest- 197] eap-loadtest{ 231} established with SPIs c8213004_i cd74929b_o and TS 172.31.59.95/32 === 10.0.0.231/32 ipsec/charon terminated 64-linux- gnu/libc. so.6(+0x7338f) [0x7f81b0aa038f ] 64-linux- gnu/libc. so.6(__ fortify_ fail+0x5c) [0x7f81b0b37c9c ] 64-linux- gnu/libc. so.6(+0x109b60) [0x7f81b0b36b60 ] 64-linux- gnu/libc. so.6(+0x10abe7) [0x7f81b0b37be7 ] ipsec/libradius .so.0(+ 0x2fcf) [0x7f81ab867fcf ] ipsec/libradius .so.0(+ 0x3660) [0x7f81ab868660 ] ipsec/plugins/ libstrongswan- eap-radius. so(+0x4af1) [0x7f81aba70af1 ] ipsec/plugins/ libstrongswan- eap-radius. so(+0x4dc5) [0x7f81aba70dc5 ] ipsec/libstrong swan.so. 0(+0x2858e) [0x7f81b14b258e ] ipsec/libstrong swan.so. 0(+0x28df2) [0x7f81b14b2df2 ] ipsec/libstrong swan.so. 0(+0x2bc14) [0x7f81b14b5c14 ] 64-linux- gnu/libpthread. so.0(+0x8182) [0x7f81b0dfa182 ] 64-linux- gnu/libc. so.6(clone+ 0x6d)[0x7f81b0b 2747d] 7f8064050000 rw-p 00000000 00:00 0 7f8068000000 ---p 00000000 00:00 0 7f806c042000 rw-p 00000000 00:00 0 7f8070000000 ---p 00000000 00:00 0 7f8070038000 rw-p 00000000 00:00 0
216[CFG] received RADIUS Access-Accept from server '127.0.0.1'
216[CFG] scheduling RADIUS Interim-Updates every 15s
216[IKE] RADIUS authentication of 'loadtest-197' successful
216[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
216[ENC] generating IKE_AUTH response 4 [ EAP/SUCC ]
216[NET] sending packet: from 172.31.59.95[500] to 172.31.62.150[500] (76 bytes)
217[NET] received packet: from 172.31.62.150[500] to 172.31.59.95[500] (92 bytes)
217[ENC] parsed IKE_AUTH request 5 [ AUTH ]
217[IKE] authentication of 'loadtest-197' with EAP successful
217[IKE] authentication of 'CN=srv, OU=load-test, O=strongSwan' (myself) with EAP
217[IKE] IKE_SA ikev2-with-
217[IKE] scheduling reauthentication in 3403s
217[IKE] maximum IKE_SA lifetime 3583s
217[IKE] peer requested virtual IP %any
217[CFG] assigning new lease to 'loadtest-197'
217[IKE] assigning virtual IP 10.0.0.231 to peer 'loadtest-197'
217[IKE] CHILD_SA ikev2-with-
217[CFG] sending RADIUS Accounting-Request to server '127.0.0.1'
217[CFG] received RADIUS Accounting-Response from server '127.0.0.1'
217[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS) SA TSi TSr N(AUTH_LFT) ]
217[NET] sending packet: from 172.31.59.95[500] to 1*** buffer overflow detected ***: /usr/lib/
======= Backtrace: =========
/lib/x86_
/lib/x86_
/lib/x86_
/lib/x86_
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/lib/x86_
/lib/x86_
======= Memory map: ========
7f8064000000-
7f8064050000-
7f806c000000-
7f806c042000-
7f8070000000-
After full update the bug still exist:
# lsb_release -rd
Description: Ubuntu 14.04.4 LTS
Release: 14.04
# ipsec --version K3.13.0- 79-generic
Linux strongSwan U5.1.2/
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
# apt-cache policy libc-bin us-east- 1.ec2.archive. ubuntu. com/ubuntu/ trusty-updates/main amd64 Packages security. ubuntu. com/ubuntu/ trusty- security/ main amd64 Packages dpkg/status us-east- 1.ec2.archive. ubuntu. com/ubuntu/ trusty/main amd64 Packages
libc-bin:
Installed: 2.19-0ubuntu6.7
Candidate: 2.19-0ubuntu6.7
Version table:
*** 2.19-0ubuntu6.7 0
500 http://
500 http://
100 /var/lib/
2.19-0ubuntu6 0
500 http://
# apt-cache policy strongswan us-east- 1.ec2.archive. ubuntu. com/ubuntu/ trusty-updates/main amd64 Packages security. ubuntu. com/ubuntu/ trusty- security/ main amd64 Packages dpkg/status us-east- 1.ec2.archive. ubuntu. com/ubuntu/ trusty/main amd64 Packages
strongswan:
Installed: 5.1.2-0ubuntu2.4
Candidate: 5.1.2-0ubuntu2.4
Version table:
*** 5.1.2-0ubuntu2.4 0
500 http://
500 http://
100 /var/lib/
5.1.2-0ubuntu2 0
500 http://
# uname -a
Linux test-vpn-01 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19 14:27:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Best regards,
Ruslan.