Opened 18 months ago

Closed 5 months ago

#613 closed Bug / Defect (worksforme)

OpenVPN crashes with SIGSEGV when no certificate available

Reported by: r.sokoll Owned by: cron2
Priority: minor Milestone: release 2.3.12
Component: Generic / unclassified Version: 2.3.5
Severity: Not set (if unsure, select this one) Keywords:
Cc: dazo

Description

# /usr/local/openvpn/sbin/openvpn --version
OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec  4 2014
library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.06

If I try to start openvpn from the command line, it crashes with SIGSEGV, see the output from strace:

access("/usr/local/openvpn/conf/keys/dh2048.pem", R_OK) = 0
access("/usr/local/openvpn/conf/keys-new/cert.cabundle", R_OK) = 0
access("/usr/local/openvpn/conf/keys-new/wildcard.crt", R_OK) = -1 ENOENT (No such file or directory)
fstat(1, {st_mode=S_IFREG|0600, st_size=2169, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5b24d80000
write(1, "Options error: --cert fails with"..., 108) = 108
access("/usr/local/openvpn/conf/keys-new/wildcard.key", R_OK) = -1 ENOENT (No such file or directory)
write(1, "Options error: --key fails with "..., 107) = 107
access("/usr/local/openvpn/run", R_OK|W_OK|X_OK) = 0
access("/usr/local/openvpn/run/openvpn-ish.tcp.new.pid", F_OK) = -1 ENOENT (No such file or directory)
access("/var/log/openvpn", R_OK|W_OK|X_OK) = 0
access("/var/log/openvpn/status.new.tcp", F_OK) = -1 ENOENT (No such file or directory)
access("/tmp", R_OK|W_OK|X_OK)          = 0
write(1, "Options error: Please correct th"..., 44) = 44
write(1, "Use --help for more information."..., 33) = 33
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+++ killed by SIGSEGV +++

Obviously, it is my fault since I have wrong file names in the config.
Nevertheless, openvpn should complain and not just crash.

Change History (13)

comment:1 Changed 18 months ago by cron2

  • Cc dazo added
  • Milestone set to release 2.3.9
  • Owner set to cron2
  • Status changed from new to accepted

Thanks for the formal bug report.

I don't think it's "no certificate" (because that perfectly fine "worksforme"), my gut feeling is more like our "is this file there? no -> error!" handler isn't cleaning up properly, and two or more error messages lead to "corruption".

Copying in David, because it's his code - but I'll look into it ASAP.

Rainer, could you copy in the "normal" program output (!= strace) as well, so we can see which files exactly were missing (easier to reproduce)?

comment:2 Changed 18 months ago by r.sokoll

Program invocation:

vpngw-users:~ # /usr/local/openvpn/sbin/openvpn --config /usr/local/openvpn/conf/ish.tcp.server.new.conf
Segmentation fault
vpngw-users:~ #

The log istself is correct:

Options error: --cert fails with '/usr/local/openvpn/conf/keys-new/wildcard.crt': No such file or directory
Options error: --key fails with '/usr/local/openvpn/conf/keys-new/wildcard.key': No such file or directory
Options error: Please correct these errors.
Use --help for more information.

comment:3 Changed 18 months ago by r.sokoll

Program invocation:

vpngw-users:~ # /usr/local/openvpn/sbin/openvpn --config /usr/local/openvpn/conf/ish.tcp.server.new.conf
Segmentation fault
vpngw-users:~ #

The log istself is correct:

Options error: --cert fails with '/usr/local/openvpn/conf/keys-new/wildcard.crt': No such file or directory
Options error: --key fails with '/usr/local/openvpn/conf/keys-new/wildcard.key': No such file or directory
Options error: Please correct these errors.
Use --help for more information.

comment:4 Changed 18 months ago by cron2

this is more tricky than I thought... I tried to build a config that matches your strace output (path names, assuming an issue with name lengths or whatever) - and it behaves extremely well, that is: I get an error message, and no crash. Only 32bit/i686, but since it did not crash for me on 64bit/sparc either, it is not something totally dumb (at least :) ).

Is this a build-it-yourself openvpn, or vendor-built, possibly with "improvements"? Non-typical malloc library?

Anything special in the config file?

comment:5 Changed 18 months ago by cron2

is --chroot involved?

comment:6 Changed 18 months ago by r.sokoll

Built from sources.
I'm busy right now, will provide more information on Sunday hopefully.

comment:7 Changed 18 months ago by r.sokoll

As said, built from source. Nothing special:

vpngw-users:~ # head /usr/local/src/openvpn-2.3.6/config.log
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by OpenVPN configure 2.3.6, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ ./configure --prefix=/usr/local/openvpn-2.3.6/

## --------- ##
## Platform. ##
vpngw-users:~ #

The config

daemon
mode server
log-append /var/log/openvpn/log.new.tcp
status /var/log/openvpn/status.new.tcp 60
port 4443
proto tcp-server
dev tun
tls-server
comp-lzo
ca /usr/local/openvpn/conf/keys-new/cert.cabundle
cert /usr/local/openvpn/conf/keys-new/wildcard.crt
key /usr/local/openvpn/conf/keys-new/wildcard.key
dh /usr/local/openvpn/conf/keys/dh2048.pem
ifconfig 10.0.1.1 10.0.1.2
ifconfig-pool 10.0.1.4  10.0.1.255
push "route 10.0.1.1 255.255.255.255"
push "redirect-gateway"
push "dhcp-option DOMAIN <redacted>"
push "dhcp-option DNS <redacted>"
push "dhcp-option DNS <redacted>"
push "dhcp-option WINS <redacted>"
push "dhcp-option WINS <redacted>"
push "dhcp-option NBT 2"
inactive 600
route 10.0.1.0 255.255.255.0
persist-key
persist-tun
ping-timer-rem
ping-restart 60
ping 10
writepid /usr/local/openvpn/run/openvpn-ish.tcp.new.pid
verb 3
plugin /lib/security/openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
duplicate-cn

comment:8 Changed 17 months ago by dazo

Can you please run openvpn via gdb and retrieve the backtrace?

   # gdb /path/to/openvpn --args /path/to/openvpn --config vpn.conf
   ...
   ...
   gdb> bt
   ...
   ...
Last edited 17 months ago by dazo (previous) (diff)

comment:9 Changed 16 months ago by cron2

Rainer, we need your help here - I did my best to make it crash or misbehave, but it doesn't do so for me. So it's something special to your machine (compiler version, ...) that is triggering it. Any chance to run from gdb and get a backtrace out?

comment:10 Changed 16 months ago by cron2

  • Milestone changed from release 2.3.9 to release 2.3.10

comment:11 Changed 11 months ago by samuli

  • Milestone changed from release 2.3.10 to release 2.3.12

comment:12 Changed 7 months ago by dazo

ping r.sokoll? We truly need a backtrace as we're not able to reproduce this easily ourselves.

comment:13 Changed 5 months ago by cron2

  • Resolution set to worksforme
  • Status changed from accepted to closed

Closing. We cannot reproduce it, and without your help, there is no way to figure out what is (was) going on. Sorry.

Note: See TracTickets for help on using tickets.