pki segmentation fault on openssl plugin
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
strongswan (Ubuntu) |
Fix Released
|
Medium
|
Sergio Durigan Junior | ||
Jammy |
Fix Released
|
Medium
|
Sergio Durigan Junior |
Bug Description
Found while generating certificates
```
ipsec pki --gen --size 4096 --outform pem
Segmentation fault (core dumped)
```
upon reviewing the core dump it looks like when the openssl plugin is being unloaded there is a locking issue?
```
(gdb) bt
#0 __pthread_
#1 ___pthread_
#2 0x00007efd494ccdad in CRYPTO_
#3 0x00007efd494c0306 in ?? () from /lib/x86_
#4 0x00007efd494d3245 in ?? () from /lib/x86_
#5 0x00007efd494d468c in OSSL_PROVIDER_
#6 0x00007efd49768e71 in ?? () from /usr/lib/
#7 0x00007efd49e91142 in plugin_
#8 0x00007efd49e93461 in unload (this=this@
#9 0x00007efd49e934cd in destroy (this=0x55a2071
#10 0x00007efd49e7a2f8 in library_deinit () at /build/
#11 0x00007efd49c65495 in __run_exit_handlers (status=0, listp=0x7efd49e
at ./stdlib/exit.c:113
#12 0x00007efd49c65610 in __GI_exit (status=<optimized out>) at ./stdlib/exit.c:143
#13 0x00007efd49c49d97 in __libc_
#14 0x00007efd49c49e40 in __libc_
stack_
#15 0x000055a205eaad25 in _start ()
```
related: https:/
and even better, it looks like it was fixed upstream a couple weeks ago: https:/
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: strongswan-pki 5.9.5-2ubuntu1
ProcVersionSign
Uname: Linux 5.15.0-22-generic x86_64
ApportVersion: 2.20.11-0ubuntu79
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Tue Mar 15 10:46:07 2022
InstallationDate: Installed on 2022-03-03 (11 days ago)
InstallationMedia: Ubuntu 21.10 "Impish Indri" - Release amd64 (20211012)
SourcePackage: strongswan
UpgradeStatus: No upgrade log present (probably fresh install)
Related branches
- git-ubuntu bot: Approve
- Sergio Durigan Junior (community): Approve
- Canonical Server: Pending requested
-
Diff: 2040 lines (+1781/-3)6 files modifieddebian/changelog (+1753/-0)
debian/control (+8/-3)
debian/libcharon-extra-plugins.install (+6/-0)
debian/libcharon-extra-plugins.maintscript (+8/-0)
debian/libstrongswan-extra-plugins.install (+3/-0)
debian/rules (+3/-0)
- Simon Déziel (community): Approve (drive-by ;))
- Canonical Server packageset reviewers: Pending requested
- Canonical Server: Pending requested
-
Diff: 120 lines (+98/-0)3 files modifieddebian/changelog (+8/-0)
debian/patches/lp1964977-fix-ipsec-pki-segfault.patch (+89/-0)
debian/patches/series (+1/-0)
tags: | added: server-todo |
Changed in strongswan (Ubuntu Jammy): | |
assignee: | nobody → Sergio Durigan Junior (sergiodj) |
Thanks for taking the time to report the bug.
I can easily verify it here. Here's a step-by-step reproducer:
$ lxc launch ubuntu-daily:jammy ipsec-bug1964977
$ lxc shell ipsec-bug1964977
# apt update && apt full-upgrade -y
# apt install strongswan strongswan-pki
# ipsec pki --gen --size 4096 --outform pem