pki segmentation fault on openssl plugin

Bug #1964977 reported by Vincent Batts
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| strongswan (Ubuntu) | Fix Released | Medium | Sergio Durigan Junior | |
| Jammy | Fix Released | Medium | Sergio Durigan Junior | |

Bug Description

Found while generating certificates
```
ipsec pki --gen --size 4096 --outform pem
Segmentation fault (core dumped)
```

Upon reviewing the core dump, it looks like when the openssl plugin is being unloaded there is a locking issue?
```
(gdb) bt
#0 __pthread_rwlock_rdlock_full64 (abstime=0x0, clockid=0, rwlock=0x0) at ./nptl/pthread_rwlock_common.c:298
#1 ___pthread_rwlock_rdlock (rwlock=0x0) at ./nptl/pthread_rwlock_rdlock.c:26
#2 0x00007efd494ccdad in CRYPTO_THREAD_read_lock () from /lib/x86_64-linux-gnu/libcrypto.so.3
#3 0x00007efd494c0306 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.3
#4 0x00007efd494d3245 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.3
#5 0x00007efd494d468c in OSSL_PROVIDER_unload () from /lib/x86_64-linux-gnu/libcrypto.so.3
#6 0x00007efd49768e71 in ?? () from /usr/lib/ipsec/plugins/libstrongswan-openssl.so
#7 0x00007efd49e91142 in plugin_entry_destroy (entry=0x55a207162140) at plugins/plugin_loader.c:209
#8 0x00007efd49e93461 in unload (this=this@entry=0x55a207123c40) at plugins/plugin_loader.c:1344
#9 0x00007efd49e934cd in destroy (this=0x55a207123c40) at plugins/plugin_loader.c:1432
#10 0x00007efd49e7a2f8 in library_deinit () at /build/strongswan-0cV2DU/strongswan-5.9.5/src/libstrongswan/library.c:167
#11 0x00007efd49c65495 in __run_exit_handlers (status=0, listp=0x7efd49e39838 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true)
    at ./stdlib/exit.c:113
#12 0x00007efd49c65610 in __GI_exit (status=<optimized out>) at ./stdlib/exit.c:143
#13 0x00007efd49c49d97 in __libc_start_call_main (main=main@entry=0x55a205ea88e0 <main>, argc=argc@entry=4, argv=argv@entry=0x7ffdfe6010e8) at ../sysdeps/nptl/libc_start_call_main.h:74
#14 0x00007efd49c49e40 in __libc_start_main_impl (main=0x55a205ea88e0 <main>, argc=4, argv=0x7ffdfe6010e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
    stack_end=0x7ffdfe6010d8) at ../csu/libc-start.c:392
#15 0x000055a205eaad25 in _start ()
```

related: https://github.com/openssl/openssl/issues/15915
and even better, it looks like it was fixed upstream a couple weeks ago: https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: strongswan-pki 5.9.5-2ubuntu1
ProcVersionSignature: Ubuntu 5.15.0-22.22-generic 5.15.19
Uname: Linux 5.15.0-22-generic x86_64
ApportVersion: 2.20.11-0ubuntu79
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Tue Mar 15 10:46:07 2022
InstallationDate: Installed on 2022-03-03 (11 days ago)
InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012)
SourcePackage: strongswan
UpgradeStatus: No upgrade log present (probably fresh install)

Sergio Durigan Junior (sergiodj) wrote :

Thanks for taking the time to report the bug.

I can easily verify it here. Here's a step-by-step reproducer:

```
$ lxc launch ubuntu-daily:jammy ipsec-bug1964977
$ lxc shell ipsec-bug1964977
# apt update && apt full-upgrade -y
# apt install strongswan strongswan-pki
# ipsec pki --gen --size 4096 --outform pem
```

Changed in strongswan (Ubuntu Jammy):
status: New → Triaged
importance: Undecided → Medium
tags: added: server-todo
Changed in strongswan (Ubuntu Jammy):
assignee: nobody → Sergio Durigan Junior (sergiodj)
Sergio Durigan Junior (sergiodj) wrote :

Verified that the patch provided by:

https://github.com/strongswan/strongswan/commit/3eecd40cec6415fc033f8d9141ab652047e71524

fixes the issue. I'm preparing an MP.

Vincent Batts (vbatts) wrote :

👍️

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package strongswan - 5.9.5-2ubuntu2

---------------
strongswan (5.9.5-2ubuntu2) jammy; urgency=medium

  * d/p/lp1964977-fix-ipsec-pki-segfault.patch: Fix "ipsec pki"
    segmentation fault; don't access OpenSSL objects inside atexit()
    handlers. (LP: #1964977)

 -- Sergio Durigan Junior <email address hidden> Fri, 18 Mar 2022 14:24:34 -0400

Changed in strongswan (Ubuntu Jammy):
status: Triaged → Fix Released
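
The changelog entry above describes the fix as not accessing OpenSSL objects inside atexit() handlers. The following C model of that exit-time ordering hazard is an added illustration, not code from this bug report or from the strongSwan patch, and the explicit-teardown variant it shows is only one way to avoid the problem. All names are hypothetical, and it assumes the crypto library registers its own cleanup with atexit() on first use, after the application has registered its teardown handler.

```c
/* Model only: crypto_* stands in for a crypto library, app_deinit for library_deinit(). */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static int *crypto_lock;   /* stands in for the library's internal rwlock */
static int unloaded;       /* makes app_deinit() idempotent */

static void crypto_cleanup(void) {      /* the library's own atexit handler */
    free(crypto_lock);
    crypto_lock = NULL;
}

static void crypto_first_use(void) {    /* lazy init registers the cleanup */
    if (crypto_lock) return;
    crypto_lock = calloc(1, sizeof(*crypto_lock));
    if (!crypto_lock) _exit(1);
    atexit(crypto_cleanup);
}

static void app_deinit(void) {          /* unloads the plugin, which needs the lock */
    if (unloaded) return;
    unloaded = 1;
    if (crypto_lock == NULL) _exit(42); /* the backtrace shows rwlock=0x0 at this point */
}

/* Runs one scenario in a child; returns 0 on clean teardown, 42 on use after cleanup. */
int run_scenario(int explicit_deinit) {
    fflush(NULL);                       /* avoid duplicated stdio buffers after fork */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        atexit(app_deinit);             /* registered first, so it runs last (LIFO) */
        crypto_first_use();             /* registered later, so its cleanup runs first */
        if (explicit_deinit) app_deinit(); /* tear down before exit() runs any handler */
        exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("teardown left to atexit handler: %d\n", run_scenario(0));
    printf("explicit teardown before exit:   %d\n", run_scenario(1));
    return 0;
}
```
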