Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Segfault with "multihome" option and dco enabled #390

Closed
MertenF opened this issue Aug 11, 2023 · 4 comments
Closed

Segfault with "multihome" option and dco enabled #390

MertenF opened this issue Aug 11, 2023 · 4 comments
Labels
bug DCO

Comments

@MertenF
Copy link

MertenF commented Aug 11, 2023

Describe the bug
The server is running in TCP mode, the "multihome" option is declared in the config and the ovpn_dco_v2 kernel module is loaded. When a client then connects to the server, openvpn gives a segfault and crashes.
This crash can be prevented by one of the following actions:

  • Removing "multihome" option
  • Adding "disable-dco" option
  • Running the server in UDP mode (Connecting and transferring data works, but this gives a lot of other problems with the DCO kernel module)

Expected behavior
Clients can connect without the server crashing.

To Reproduce
Server config:

port 4433
proto tcp-server
dev vpn
dev-type tun
multihome
ca /ub/etc/openvpn/openvpn_chain.pem
cert /ub/etc/openvpn/openvpn_cert.pem
key /ub/etc/openvpn/openvpn_key.pem
dh /ub/etc/openvpn/openvpn_dh.pem
server 10.255.253.0 255.255.255.0
persist-key
status /var/log/openvpn-status.log 5
writepid /var/run/openvpn.pid
verb 3
script-security 2
management /ub/etc/openvpn/openvpn-server.sock unix
crl-verify /ub/etc/openvpn/openvpn_crl dir
topology subnet

Version information (please complete the following information):

  • Linux kernel: 5.10.161 (Custom kernel config)
  • OpenVPN: 2.6.5 (Compiled from source)
  • DCO module: 0.2.20230426
  • OpenSSL: 1.1.1s (Also tested with OpenSSL 3.0.9)
./openvpn --version
OpenVPN 2.6.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] [DCO]
library versions: OpenSSL 1.1.1s  1 Nov 2022, LZO 2.10
DCO version: 2.0.0
Originally developed by James Yonan
Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push='no' enable_comp_stub='no' enable_crypto_ofb_cfb='yes' enable_dco='yes' enable_dco_arg='yes' enable_debug='yes' enable_dlopen='unknown' enable_dlopen_self='unknown' enable_dlopen_self_static='unknown' enable_fast_install='yes' enable_fragment='yes' enable_iproute2='no' enable_libtool_lock='yes' enable_lz4='yes' enable_lzo='yes' enable_management='yes' enable_pam_dlopen='no' enable_pedantic='no' enable_pkcs11='no' enable_plugin_auth_pam='yes' enable_plugin_down_root='yes' enable_plugins='yes' enable_port_share='yes' enable_selinux='no' enable_shared='yes' enable_shared_with_static_runtimes='no' enable_small='no' enable_static='yes' enable_strict='no' enable_strict_options='no' enable_systemd='no' enable_werror='no' enable_win32_dll='yes' enable_wolfssl_options_h='yes' enable_x509_alt_username='no' with_aix_soname='aix' with_crypto_library='openssl' with_gnu_ld='yes' with_mem_check='no' with_openssl_engine='auto' with_sysroot='no'

Logs and debug
Gdb stackstrace:

(gdb) bt
#0  0x000055555556dd63 in dco_multi_get_localaddr (m=0x7fffffffc440, local=0x7fffffffc180, mi=0x55555567d670) at dco.c:519
#1  dco_multi_add_new_peer (m=m@entry=0x7fffffffc440, mi=mi@entry=0x55555567d670) at dco.c:593
#2  0x0000555555598522 in multi_client_setup_dco_initial (gc=0x7fffffffc240, mi=0x55555567d670, m=0x7fffffffc440) at multi.c:2342
#3  multi_client_connect_late_setup (option_types_found=<optimized out>, mi=0x55555567d670, m=0x7fffffffc440) at multi.c:2496
#4  multi_connection_established (mi=0x55555567d670, m=0x7fffffffc440) at multi.c:2777
#5  multi_process_post (m=m@entry=0x7fffffffc440, mi=0x55555567d670, flags=flags@entry=9) at multi.c:3071
#6  0x0000555555599732 in multi_process_incoming_link (m=m@entry=0x7fffffffc440, instance=instance@entry=0x55555567d670, mpp_flags=mpp_flags@entry=9) at multi.c:3516
#7  0x0000555555590823 in multi_tcp_dispatch (action=<optimized out>, mi=0x55555567d670, m=0x7fffffffc440) at mtcp.c:493
#8  multi_tcp_action (m=m@entry=0x7fffffffc440, mi=0x55555567d670, action=<optimized out>, action@entry=1, poll=<optimized out>, poll@entry=false) at mtcp.c:635
#9  0x00005555555912b7 in multi_tcp_process_io (m=0x7fffffffc440) at mtcp.c:710
#10 tunnel_server_tcp (top=<optimized out>) at mtcp.c:843
#11 0x000055555559a4f9 in tunnel_server (top=top@entry=0x7fffffffd700) at multi.c:4163
#12 0x000055555559e8e9 in openvpn_main (argc=3, argv=0x7fffffffe978) at openvpn.c:319
#13 0x00007ffff79ee1f7 in ?? () from /ub/lib/libc.so.6
#14 0x00007ffff79ee2ac in __libc_start_main () from /ub/lib/libc.so.6
#15 0x0000555555560c41 in _start () at ../sysdeps/x86_64/start.S:115

dco.c:519     struct link_socket_actual *actual = &c->c2.link_socket_info->lsa->actual;

Server logs with --verb 9: https://gist.github.com/MertenF/3fadb7a74d580c697bc182a5ac0e86af
@cron2
Copy link
Contributor

cron2 commented Aug 11, 2023

Good catch, and should be fairly easy to reproduce.

--multihome is strictly speaking not ever needed for TCP connections, but should, obviously, not lead to a crash.

@ordex @schwabe any ideas?

@ordex
Copy link
Member

ordex commented Aug 15, 2023

fix sent to the mailing list: https://patchwork.openvpn.net/project/openvpn2/patch/20230815231555.6465-1-a@unstable.cc/

@jccr1989
Copy link

Removing "multihome" option
Adding "disable-dco" option

@cron2
Copy link
Contributor

cron2 commented Sep 10, 2023

commit 0793eb1 (master)
commit 70ef43f (release/2.6)
Author: Antonio Quartulli
Date: Wed Aug 16 01:15:55 2023 +0200

 dco: fix crash when --multihome is used with --proto tcp

patch has been merged, and will be part of OpenVPN 2.6.7 release "some time in late September"

cron2 pushed a commit that referenced this issue Sep 10, 2023
@ordex @cron2
dco: fix crash when --multihome is used with --proto tcp
70ef43f 
Although it's a combination of options that is not really useful,
when specifying --multihome along with --proto tcp and DCO is enabled,
OpenVPN will crash while attempting to access c2.link_socket_actual
(NULL for the TCP case) in order to retrieve the local address (in
function dco_multi_get_localaddr())

Prevent crash by running this code only if proto is UDP.
The same check is already performed in socket.c/h for the non-DCO
case.

Github: fixes #390
Change-Id: I61adc26ce2ff737e020c3d980902a46758cb23e5
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230815231555.6465-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26953.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 0793eb1)
@cron2 cron2 closed this as completed in 0793eb1 Sep 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug DCO
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ordex @cron2 @MertenF @jccr1989