[Bug 275980] security/strongswan 5.9.13 for FreeBSD 14.0 amd64 crashes at startup

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 29 Dec 2023 09:50:20 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275980

--- Comment #2 from Andrey Kiryanov <dronmbi@gtn.ru> ---
Hi,

I have tried switching back and forth between 5.9.11 and 5.9.13 multiple times,
and without fail 5.9.11 works just fine and 5.9.13 crashes with signal 11.
There are no leftover charon processes.

Here's what it writes to the log just before the crash:

Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[DMN] Starting IKE charon
daemon (strongSwan 5.9.13, FreeBSD 14.0-RELEASE-p2, amd64)
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'aes': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'eap-radius':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'xauth-eap':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 01[LIB] created thread 01
[33e502612e00]
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 01[LIB] resolving
'%s.plugins.eap-gtc.pam_service' failed: Address family not recognized
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 01[LIB] resolving
'%s.plugins.xauth-pam.pam_service' failed: Name does not resolve
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 01[LIB] resolving
'%s.plugins.xauth-pam.session' failed: Name does not resolve
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'xauth-pam':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'des': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'blowfish':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'rc2': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'sha2': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'sha1': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'md4': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'md5': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'random':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'nonce': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'x509': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'revocation':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'constraints':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'pubkey':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'pkcs1': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'pkcs7': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'pkcs12':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'pgp': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'dnskey':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'sshkey':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'pem': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] providers loaded by
OpenSSL: legacy default
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'openssl':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'pkcs8': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'fips-prf':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'curve25519':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'xcbc': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'cmac': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'hmac': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'kdf': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'gcm': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'drbg': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] available TLS backends
in libcurl: openssl
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'curl': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'attr': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'kernel-pfkey':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin
'kernel-pfroute': loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[CFG] using
'/sbin/resolvconf' to install DNS servers
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'resolve':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin
'socket-default': loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'stroke':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'vici': loaded
successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'updown':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'eap-identity':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'eap-md5':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'eap-mschapv2':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'eap-tls':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'eap-ttls':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'eap-peap':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin
'xauth-generic': loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[JOB] adding fd 8[r] to
watcher
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'whitelist':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'addrblock':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] plugin 'counters':
loaded successfully
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] loading feature
CUSTOM:libcharon in plugin 'charon'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]   loading feature
NONCE_GEN in plugin 'nonce'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
RNG:RNG_WEAK in plugin 'openssl'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
RNG:RNG_STRONG in plugin 'random'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
RNG:RNG_STRONG in plugin 'openssl'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
RNG:RNG_TRUE in plugin 'random'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]   loading feature
CUSTOM:libcharon-sa-managers in plugin 'charon'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
HASHER:HASH_SHA1 in plugin 'sha1'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
HASHER:HASH_SHA1 in plugin 'openssl'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]   loading feature
CUSTOM:libcharon-receiver in plugin 'charon'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
CUSTOM:socket in plugin 'socket-default'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]       loading feature
CUSTOM:kernel-ipsec in plugin 'kernel-pfkey'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[JOB] adding fd 12[r] to
watcher
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[KNL] unable to set
UDP_ENCAP: Invalid argument
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[NET] enabling UDP
decapsulation for IPv6 on port 4500 failed
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]   loading feature
CUSTOM:kernel-net in plugin 'kernel-pfroute'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[JOB] adding fd 17[r] to
watcher
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[KNL] known interfaces and
IP addresses:
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[KNL]   bge1
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[KNL]     <ipv4 addr here>
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[KNL]     <ipv6 addr here>
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] loading feature
CRYPTER:AES_CBC-16 in plugin 'aes'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] loading feature
CRYPTER:AES_CBC-24 in plugin 'aes'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] loading feature
CRYPTER:AES_CBC-32 in plugin 'aes'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] loading feature
CRYPTER:AES_ECB-16 in plugin 'aes'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] loading feature
CRYPTER:AES_ECB-24 in plugin 'aes'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] loading feature
CRYPTER:AES_ECB-32 in plugin 'aes'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] loading feature
EAP_SERVER:RAD in plugin 'eap-radius'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]   loading feature
CUSTOM:eap-radius in plugin 'eap-radius'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
HASHER:HASH_MD5 in plugin 'md5'
Dec 29 12:38:44 <kern.info> nas kernel: pid 34833 (charon), jid 0, uid 0:
exited on signal 11 (no core dump - bad address)
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
HASHER:HASH_MD5 in plugin 'openssl'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
SIGNER:HMAC_MD5_128 in plugin 'openssl'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
SIGNER:HMAC_MD5_128 in plugin 'hmac'

So it crashes somewhere inside eap-radius. Switching off the eap-radius plugin in
/usr/local/etc/strongswan.d/charon/eap-radius.conf solves the issue.

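Added example, not part of the original comment and not strongSwan code: a small triage script that rejoins the mail-wrapped syslog records, tracks the nested "loading feature" lines per charon pid, and reports which feature chain was being loaded when the kernel logged the signal. The names unwrap and triage are hypothetical, the sample lines are constructed in the format of the log above, and the two-spaces-per-level indentation is an assumption taken from that log.

```python
import re

# Constructed sample in the format of the log above, still mail-wrapped.
SAMPLE = """\
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] loading feature
CRYPTER:AES_ECB-32 in plugin 'aes'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB] loading feature
EAP_SERVER:RAD in plugin 'eap-radius'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]   loading feature
CUSTOM:eap-radius in plugin 'eap-radius'
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
HASHER:HASH_MD5 in plugin 'md5'
Dec 29 12:38:44 <kern.info> nas kernel: pid 34833 (charon), jid 0, uid 0:
exited on signal 11 (no core dump - bad address)
Dec 29 12:38:44 <daemon.info> nas charon[34833]: 00[LIB]     loading feature
SIGNER:HMAC_MD5_128 in plugin 'hmac'
"""
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d <")
FEATURE = re.compile(
    r"charon\[(\d+)\]: \d+\[LIB\]( +)loading feature (\S+) in plugin '([^']+)'")
CRASH = re.compile(r"kernel: pid (\d+) \(charon\).*exited on signal (\d+)")

def unwrap(text):
    """Rejoin continuation lines onto the timestamped record they belong to."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Return pid, signal and the feature chain charon was loading, or None."""
    stacks, crash = {}, None
    for rec in unwrap(text):
        if (m := CRASH.search(rec)):
            crash = (m.group(1), int(m.group(2)))
        elif (m := FEATURE.search(rec)):
            pid, indent, feature, plugin = m.groups()
            stack = stacks.setdefault(pid, [])
            del stack[(len(indent) - 1) // 2:]   # one level per two spaces
            stack.append((feature, plugin))      # keep reading past the crash
    if crash is None:
        return None
    return {"pid": crash[0], "signal": crash[1], "chain": stacks.get(crash[0], [])}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The script keeps reading after the kernel record because buffered daemon lines from the same pid can be written after it, as they are in the log above; the first entry of the chain is the outermost feature being loaded.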