Opened 8 years ago

Closed 7 years ago

#613 closed Bug / Defect (worksforme)

OpenVPN crashes with SIGSEGV when no certificate available

Reported by: r.sokoll Owned by: Gert Döring
Priority: minor Milestone: release 2.3.12
Component: Generic / unclassified Version: OpenVPN 2.3.5 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords:
Cc: David Sommerseth

Description

# /usr/local/openvpn/sbin/openvpn --version
OpenVPN 2.3.6 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec  4 2014
library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.06

If I try to start openvpn from the command line, it crashes with SIGSEGV, see the output from strace:

access("/usr/local/openvpn/conf/keys/dh2048.pem", R_OK) = 0
access("/usr/local/openvpn/conf/keys-new/cert.cabundle", R_OK) = 0
access("/usr/local/openvpn/conf/keys-new/wildcard.crt", R_OK) = -1 ENOENT (No such file or directory)
fstat(1, {st_mode=S_IFREG|0600, st_size=2169, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5b24d80000
write(1, "Options error: --cert fails with"..., 108) = 108
access("/usr/local/openvpn/conf/keys-new/wildcard.key", R_OK) = -1 ENOENT (No such file or directory)
write(1, "Options error: --key fails with "..., 107) = 107
access("/usr/local/openvpn/run", R_OK|W_OK|X_OK) = 0
access("/usr/local/openvpn/run/openvpn-ish.tcp.new.pid", F_OK) = -1 ENOENT (No such file or directory)
access("/var/log/openvpn", R_OK|W_OK|X_OK) = 0
access("/var/log/openvpn/status.new.tcp", F_OK) = -1 ENOENT (No such file or directory)
access("/tmp", R_OK|W_OK|X_OK)          = 0
write(1, "Options error: Please correct th"..., 44) = 44
write(1, "Use --help for more information."..., 33) = 33
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+++ killed by SIGSEGV +++

Obviously, it is my fault since I have wrong file names in the config.
Nevertheless, openvpn should complain and not just crash.

Change History (13)

comment:1 Changed 8 years ago by Gert Döring

Cc: David Sommerseth added
Milestone: release 2.3.9
Owner: set to Gert Döring
Status: new → accepted

Thanks for the formal bug report.

I don't think it's "no certificate" (because that is perfectly fine, "worksforme"), my gut feeling is more like our "is this file there? no -> error!" handler isn't cleaning up properly, and two or more error messages lead to "corruption".

Copying in David, because it's his code - but I'll look into it ASAP.

Rainer, could you copy in the "normal" program output (!= strace) as well, so we can see which files exactly were missing (easier to reproduce)?

comment:2 Changed 8 years ago by r.sokoll

Program invocation:

vpngw-users:~ # /usr/local/openvpn/sbin/openvpn --config /usr/local/openvpn/conf/ish.tcp.server.new.conf
Segmentation fault
vpngw-users:~ #

The log itself is correct:

Options error: --cert fails with '/usr/local/openvpn/conf/keys-new/wildcard.crt': No such file or directory
Options error: --key fails with '/usr/local/openvpn/conf/keys-new/wildcard.key': No such file or directory
Options error: Please correct these errors.
Use --help for more information.

comment:3 Changed 8 years ago by r.sokoll

Program invocation:

vpngw-users:~ # /usr/local/openvpn/sbin/openvpn --config /usr/local/openvpn/conf/ish.tcp.server.new.conf
Segmentation fault
vpngw-users:~ #

The log itself is correct:

Options error: --cert fails with '/usr/local/openvpn/conf/keys-new/wildcard.crt': No such file or directory
Options error: --key fails with '/usr/local/openvpn/conf/keys-new/wildcard.key': No such file or directory
Options error: Please correct these errors.
Use --help for more information.

comment:4 Changed 8 years ago by Gert Döring

this is more tricky than I thought... I tried to build a config that matches your strace output (path names, assuming an issue with name lengths or whatever) - and it behaves extremely well, that is: I get an error message, and no crash. Only 32bit/i686, but since it did not crash for me on 64bit/sparc either, it is not something totally dumb (at least :) ).

Is this a build-it-yourself openvpn, or vendor-built, possibly with "improvements"? Non-typical malloc library?

Anything special in the config file?

comment:5 Changed 8 years ago by Gert Döring

is --chroot involved?

comment:6 Changed 8 years ago by r.sokoll

Built from sources.
I'm busy right now, will provide more information on Sunday hopefully.

comment:7 Changed 8 years ago by r.sokoll

As said, built from source. Nothing special:

vpngw-users:~ # head /usr/local/src/openvpn-2.3.6/config.log
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by OpenVPN configure 2.3.6, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ ./configure --prefix=/usr/local/openvpn-2.3.6/

## --------- ##
## Platform. ##
vpngw-users:~ #

The config

daemon
mode server
log-append /var/log/openvpn/log.new.tcp
status /var/log/openvpn/status.new.tcp 60
port 4443
proto tcp-server
dev tun
tls-server
comp-lzo
ca /usr/local/openvpn/conf/keys-new/cert.cabundle
cert /usr/local/openvpn/conf/keys-new/wildcard.crt
key /usr/local/openvpn/conf/keys-new/wildcard.key
dh /usr/local/openvpn/conf/keys/dh2048.pem
ifconfig 10.0.1.1 10.0.1.2
ifconfig-pool 10.0.1.4  10.0.1.255
push "route 10.0.1.1 255.255.255.255"
push "redirect-gateway"
push "dhcp-option DOMAIN <redacted>"
push "dhcp-option DNS <redacted>"
push "dhcp-option DNS <redacted>"
push "dhcp-option WINS <redacted>"
push "dhcp-option WINS <redacted>"
push "dhcp-option NBT 2"
inactive 600
route 10.0.1.0 255.255.255.0
persist-key
persist-tun
ping-timer-rem
ping-restart 60
ping 10
writepid /usr/local/openvpn/run/openvpn-ish.tcp.new.pid
verb 3
plugin /lib/security/openvpn-auth-pam.so openvpn
client-cert-not-required
username-as-common-name
duplicate-cn

comment:8 Changed 8 years ago by David Sommerseth

Can you please run openvpn via gdb and retrieve the backtrace?

   # gdb /path/to/openvpn --args /path/to/openvpn --config vpn.conf
   ...
   ...
   gdb> bt
   ...
   ...
Last edited 8 years ago by David Sommerseth

comment:9 Changed 8 years ago by Gert Döring

Rainer, we need your help here - I did my best to make it crash or misbehave, but it doesn't do so for me. So it's something special to your machine (compiler version, ...) that is triggering it. Any chance to run from gdb and get a backtrace out?

comment:10 Changed 8 years ago by Gert Döring

Milestone: release 2.3.9 → release 2.3.10

comment:11 Changed 8 years ago by Samuli Seppänen

Milestone: release 2.3.10 → release 2.3.12

comment:12 Changed 8 years ago by David Sommerseth

ping r.sokoll? We truly need a backtrace as we're not able to reproduce this easily ourselves.

comment:13 Changed 7 years ago by Gert Döring

Resolution: worksforme
Status: accepted → closed

Closing. We cannot reproduce it, and without your help, there is no way to figure out what is (was) going on. Sorry.
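
An added example, not part of the ticket or of OpenVPN's code: a shell pre-flight check that applies the same readability test seen in the strace output (access(..., R_OK)) to the files named by ca, cert, key, dh, pkcs12 and tls-auth, so a mistyped path is caught before the daemon is started. The function name ovpn_missing_files is hypothetical; it assumes paths contain no whitespace and are absolute or relative to the current directory.

```shell
#!/bin/sh
# Added example: list the credential files an OpenVPN config references
# that the current user cannot read.
# Prints "<directive> <path>" per problem.
# Returns 0 if all files are readable, 1 if any are not, 2 if the config
# itself cannot be read.
# Usage (hypothetical path): ovpn_missing_files /path/to/server.conf
ovpn_missing_files() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "config $conf"; return 2; }
    # Split each line into the directive and its first argument; the
    # "|| [ -n ... ]" part also handles a last line without a newline.
    while read -r directive path _rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh|pkcs12|tls-auth) ;;
            *) continue ;;   # comments, blank lines, all other options
        esac
        # Strip one pair of surrounding double quotes, if present.
        path=${path#\"}; path=${path%\"}
        # "[inline]" or no value: the data is embedded in the config.
        [ -z "$path" ] || [ "$path" = "[inline]" ] && continue
        # Must be an existing regular file that we are allowed to read.
        if [ ! -f "$path" ] || [ ! -r "$path" ]; then
            echo "$directive $path"
            rc=1
        fi
    done < "$conf"
    return $rc
}
```

Run against the configuration posted in comment:7, this would report the cert and key lines, matching the two "Options error" messages in the log.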
