Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 232508

Summary: LSPP: racoon segfaults between a 64bit platfom and a 32 bit platform.
Product: Red Hat Enterprise Linux 5 Reporter: Joy Latten <latten>
Component: ipsec-toolsAssignee: Steve Conklin <sconklin>
Status: CLOSED CURRENTRELEASE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: benl, eparis, iboverma, krisw, linda.knippers, sgrubb
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHSA-2007-0342 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-06-27 14:18:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 234654, 224041    
Attachments:
Description Flags
Patch to fix racoon segfault between 32bit and 64bit machines. none

Description Joy Latten 2007-03-15 19:59:59 UTC
Description of problem:
Racoon daemon built on a 64-bit platform segfaults when setting the security
context into a proposal from a 32 bit platform. 

Version-Release number of selected component (if applicable):
ipsec-tools-0.6.5-6

How reproducible:
Happens all the time when negotiating between a 64-bit and 32-bit built app.

Steps to Reproduce:
1.setup ipsec policy between a ppc (with 32 bit apps) and a x86_64 (with 64-bit
apps)
2. start racoon on both machines
3. do a ping from a 64-bit to 32-bit or vice versa
  
Actual results:
(gdb) where
#0  0x0fec7354 in _wordcopy_fwd_aligned () from /lib/libc.so.6
#1  0x0fec7270 in memcpy () from /lib/libc.so.6
#2  0x100423e4 in set_secctx_in_proposal (iph2=<value optimized out>, spidx=
        {dir = 2 '\002', src = {ss_family = 2, __ss_align = 151239991,
__ss_padding = '\0' <repeats 119 times>}, dst = {ss_family = 2, __ss_align =
151240405, __ss_padding = '\0' <repeats 119 times>}, prefs = 32 ' ', prefd = 32
' ', ul_proto = 255, priority = 0, sec_ctx = {ctx_doi = 1 '\001', ctx_alg = 1
'\001', ctx_strlen = 10752, ctx_str =
"ealuser_u:sysadm_r:ping_t:s0-s15:c0.c1023\000\000\000\000\000\000\000\000"}})
at security.c:170
#3  0x10013fb0 in quick_r1recv (iph2=0x1008b530, msg0=0x1008b9f8)
    at isakmp_quick.c:2133
#4  0x22000482 in ?? ()
#5  0x10009140 in isakmp_ph2begin_r (iph1=0x1008a178, msg=0x1008b9f8)
    at isakmp.c:1298
in isakmp_main (msg=0x1008b9f8, remote=0xfd44e73c,
    local=0xfd44e7bc) at isakmp.c:652
#7  0x1000a9ac in isakmp_handler (so_isakmp=<value optimized out>)
    at isakmp.c:359
#8  0x10004c3c in session () at session.c:211
#9  0x100044ac in main (ac=4, av=<value optimized out>) at main.c:247
(gdb)

Comment 1 Joy Latten 2007-03-15 20:12:10 UTC
I have fixed this. Will send fix shortly.

Comment 4 Joy Latten 2007-03-19 23:39:10 UTC
Created attachment 150444 [details]
Patch to fix racoon segfault between 32bit and 64bit machines.

Patch to fix racoon segfault.

Comment 5 Joy Latten 2007-03-19 23:41:28 UTC
Eric, let me know if you would prefer inline text rather than the attachment.

Comment 9 Harald Hoyer 2007-03-21 09:33:14 UTC
test rpms with the patch:
http://people.redhat.com/harald/downloads/ipsec-tools/ipsec-tools-0.6.5-6.2.el5

Comment 10 Steve Grubb 2007-03-30 18:33:10 UTC
Joy, does this one re-test ok? Thanks.

Comment 11 Joy Latten 2007-04-02 17:12:35 UTC
This tested successfully between a ppc with 32-bit ipsec-tools-0.6.5-6.2.el5
and a 64-bit ipsec-tools-0.6.5-6.2.el5 on an x86_64, both having 72 kernel.