Re: iked control process crash at startup

Tue, 25 Nov 2014 08:59:30 -0800 

On Tue, Nov 25, 2014 at 17:35, Mike Belopuhov wrote:
> On Tue, Nov 25, 2014 at 13:11 +0100, Vincent Gross wrote:
>> Hi tech@,
>>
>> I've been using iked for some weeks to tunnel my laptop to home over 3G.
>> Sunday I upgraded my laptop to the latest snapshot; previous upgrade was
>> about 2 or 3 weeks ago. When I started iked, it crashed randomly, as in
>> one time it runs just fine and completes the handshake, the other it
>> crashes before even sending the first packet.
>>
>> I ran "ktrace -di /sbin/iked" and kdump'd the resulting file. Of the 5
>> processes, 4 finished by calling exit(0), one was terminated on a
>> SIGSEGV. As it is also the only one that do stuff on /var/run/iked.sock,
>> it is the control process. I repeated the above ktrace 4 times and got
>> consistent results: SIGSEGV'd control process.
>>
>> I'll keep the hunt going, but I am not sure how long this will take nor
>> how much time I'll have to spare, so here is the control process kdump.
>>
>> Cheers,
>>
>> --
>> Vincent
>>
> 
> seƱior pedro@ was kind enough to send a potential fix for this.
> this will be commited soon.

This looks a bit weird. What about

> 
> 
> diff --git sbin/iked/ca.c sbin/iked/ca.c
> index e43b58b..a008f99 100644
> --- sbin/iked/ca.c
> +++ sbin/iked/ca.c
> @@ -534,7 +534,7 @@ ca_reload(struct iked *env)
> X509_OBJECT           *xo;
> X509                  *x509;
> DIR                   *dir;
> -     int                      i, len, iovcnt = 2;
> +     int                      i, len, iovcnt = 0;

iovcnt = 1;

> 
> /*
> * Load CAs
> @@ -620,8 +620,10 @@ ca_reload(struct iked *env)
> env->sc_certreqtype = IKEV2_CERT_X509_CERT;
> iov[0].iov_base = &env->sc_certreqtype;
> iov[0].iov_len = sizeof(env->sc_certreqtype);
> +             iovcnt++;
> iov[1].iov_base = ibuf_data(env->sc_certreq);
> iov[1].iov_len = ibuf_length(env->sc_certreq);
> +             iovcnt++;

iovcnt = 2;

> 
> log_debug("%s: loaded %zu ca certificate%s", __func__,
> ibuf_length(env->sc_certreq) / SHA_DIGEST_LENGTH,
> @@ -677,6 +679,8 @@ ca_reload(struct iked *env)
> 
> iov[0].iov_base = &env->sc_certreqtype;
> iov[0].iov_len = sizeof(env->sc_certreqtype);
> +     if (iovcnt == 0)
> +             iovcnt++;

delete this line.

> (void)proc_composev_imsg(&env->sc_ps, PROC_IKEV2, -1,
> IMSG_CERTREQ, -1, iov, iovcnt);

It's a matter of taste, but it seems we don't need to increment a
counter when we can easily see all possible values it could take.

Reply via email to