Bug#575757: openswan: showhostkey segfault with 3DES-encrypted host key

Sun, 28 Mar 2010 16:34:53 -0700 

Package: openswan
Version: 1:2.6.23+dfsg-1
Severity: normal
Tags: patch

Running `ipsec showhostkey --list` with a 3DES-encrypted host key
results in a segfault with the following backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x08056481 in pem_decrypt (blob=0xbfffd3cc, iv=0xbfffc310, 
    pass=0xbfffe6c0, label=0xbfffc3cc "/etc/ipsec.d/private/kevinzilla.pem")
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/pem.c:323
#2  0x08056920 in pemtobin (blob=0xbfffd3cc, pass=0xbfffe6c0, 
    label=0xbfffc3cc "/etc/ipsec.d/private/kevinzilla.pem", pgp=0xbfffd3d4)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/pem.c:475
#3  0x0805548e in load_coded_file (
    filename=0xbfffc3cc "/etc/ipsec.d/private/kevinzilla.pem", 
    pass=0xbfffe6c0, verbose=0, type=0x80742fa "private key", blob=0xbfffd3cc, 
    pgp=0xbfffd3d4)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/certload.c:127
#4  0x08055661 in load_rsa_private_key (
    filename=0xbfffd420 "/etc/ipsec.d/private/kevinzilla.pem", verbose=0, 
    pass=0xbfffe6c0)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/certload.c:181
#5  0x0804eefd in osw_process_rsa_keyfile (psecrets=0xbfffe708, verbose=0, 
    rsak=0x8085338, pass=0xbfffe6c0)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/secrets.c:807
#6  0x0804fa1f in process_secret (psecrets=0xbfffe708, verbose=0, s=0x8085328, 
    pass=0xbfffe6c0)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/secrets.c:1123
#7  0x0804ff32 in osw_process_secret_records (psecrets=0xbfffe708, verbose=0, 
    pass=0xbfffe6c0)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/secrets.c:1272
#8  0x080503bd in osw_process_secrets_file (psecrets=0xbfffe708, verbose=0, 
    file_pat=0xbfffe70c "/etc/ipsec.secrets", pass=0xbfffe6c0)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/secrets.c:1395
#9  0x0805058d in osw_load_preshared_secrets (psecrets=0xbfffe708, verbose=0, 
    secrets_file=0xbfffe70c "/etc/ipsec.secrets", pass=0xbfffe6c0)
    at /tmp/buildd/openswan-2.6.23+dfsg/lib/libopenswan/secrets.c:1460
#10 0x0804a537 in main (argc=2, argv=0xbffff804)
    at /tmp/buildd/openswan-2.6.23+dfsg/programs/showhostkey/showhostkey.c:506

This is caused by oswcrypto.des_set_key being NULL at
lib/libopenswan/pem.c:226 due to load_oswcrypto never being called.

The attached patch adds a call to load_oswcrypto into main just
before osw_load_preshared_secrets.  It solves the problem on my
system, although I am not sure if there might be a better place for
the call (if lazier initialization is desired).

Cheers,
Kevin


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.33-kevinoid2 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openswan depends on:
ii  bind9-host [host]      1:9.6.1.dfsg.P3-1 Version of 'host' bundled with BIN
ii  bsdmainutils           8.0.8             collection of more utilities from 
ii  debconf [debconf-2.0]  1.5.28            Debian configuration management sy
ii  debianutils            3.2.2             Miscellaneous utilities specific t
ii  iproute                20100224-3        networking and traffic control too
ii  libc6                  2.10.2-6          Embedded GNU C Library: Shared lib
ii  libcurl3               7.20.0-1          Multi-protocol file transfer libra
ii  libgmp3c2              2:4.3.2+dfsg-1    Multiprecision arithmetic library
ii  libldap-2.4-2          2.4.17-2.1        OpenLDAP libraries
ii  libpam0g               1.1.1-2           Pluggable Authentication Modules l
ii  openssl                0.9.8m-2          Secure Socket Layer (SSL) binary a

openswan recommends no packages.

Versions of packages openswan suggests:
ii  curl                          7.20.0-1   Get a file from an HTTP, HTTPS or 
pn  openswan-modules-source | lin <none>     (no description available)

-- debconf information excluded

--- openswan-2.6.23+dfsg.orig/programs/showhostkey/showhostkey.c	2009-09-08 18:42:54.000000000 -0600
+++ openswan-2.6.23+dfsg/programs/showhostkey/showhostkey.c	2010-03-28 16:52:48.005024302 -0600
@@ -38,6 +38,7 @@
 
 #include "constants.h"
 #include "oswalloc.h"
+#include "oswcrypto.h"
 #include "oswlog.h"
 #include "oswconf.h"
 #include "secrets.h"
@@ -503,6 +504,8 @@
    PK11_SetPasswordFunc(getNSSPassword); 
 #endif
 
+   load_oswcrypto();
+
     osw_load_preshared_secrets(&host_secrets, verbose>0?TRUE:FALSE,
 			       secrets_file, &pass);

Reply via email to