Modify

Opened 3 years ago

Closed 3 years ago

#19101 closed defect (fixed)

OpenVPN: segmentation fault

Reported by: amqamq Owned by: developers
Priority: normal Milestone:
Component: packages Version: Trunk
Keywords: Cc:

Description

Hello, I have built the latest trunk (r44597), but there seem to be some problem with OpenVPN:

Thu Mar  5 08:43:54 2015 OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (PolarSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar  4 2015
Thu Mar  5 08:43:54 2015 library versions: PolarSSL 1.3.10, LZO 2.08
Thu Mar  5 08:43:54 2015 WARNING: file '/etc/openvpn/pass.txt' is group or others accessible
Thu Mar  5 08:43:54 2015 Socket Buffers: R=[393216->131072] S=[393216->131072]
Thu Mar  5 08:43:54 2015 UDPv4 link local: [undef]
Thu Mar  5 08:43:54 2015 UDPv4 link remote: [AF_INET]109.201.154.193:1194
Thu Mar  5 08:43:54 2015 TLS: Initial packet from [AF_INET]censored:1194, sid=e4c3a780 c84ea8d5
Thu Mar  5 08:43:54 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Segmentation fault

.config used: http://paste.debian.net/141736

The same .config and router configuration worked with r44077

Attachments (0)

Change History (8)

comment:1 Changed 3 years ago by amqamq

OpenVPN version on r44077:

Thu Mar  5 08:32:07 2015 OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (PolarSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 22 2015
Thu Mar  5 08:32:07 2015 library versions: PolarSSL 1.3.9, LZO 2.08

I have also posted a bug report on community.openvpn.net: https://community.openvpn.net/openvpn/ticket/524#ticket

Last edited 3 years ago by amqamq (previous) (diff)

comment:2 Changed 3 years ago by amqamq

Looks like a solution here: /ticket/19104.html

comment:3 Changed 3 years ago by amqamq

I can confirm that OpenVPN is also crashing on r44480 (the last revision before the switch to 3.18).

comment:4 Changed 3 years ago by amqamq

openvpn-polarssl is still broken in r44870, even with the suggestions from /ticket/19104.html

comment:5 Changed 3 years ago by James W

Still not working in trunk. Can this please be looked at :)

The posted suggestion (/ticket/19104.html) doesn't do anything to resolve.

Much appreciated!

Thanks

James

comment:6 Changed 3 years ago by anonymous

The problem seems to be caused by mbedtls-1.3.10/library/ssl_tls.c:4853
In my case ssl->transform_out is NULL (while establishing the connection), which makes "&ssl->transform_out->cipher_ctx_enc" crash OpenVPN.

comment:7 Changed 3 years ago by anonymous

Till we are waiting for a proper fix (see https://github.com/ARMmbed/mbedtls/pull/185), this issue can be worked around by a simple patch for the polarssl package which disables the 1/n-1 record splitting introduced in 1.3.10:

diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 6bfa705..48d956a 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -953,7 +953,7 @@
  *
  * Comment this macro to disable 1/n-1 record splitting.
  */
-#define POLARSSL_SSL_CBC_RECORD_SPLITTING
+//#define POLARSSL_SSL_CBC_RECORD_SPLITTING
 
 /**
  * \def POLARSSL_SSL_DISABLE_RENEGOTIATION

comment:8 Changed 3 years ago by nbd

  • Resolution set to fixed
  • Status changed from new to closed

fixed in r45602

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.