Package: libreswan
Version: 3.27-6
Severity: important
Dear Maintainer,
Upgraded to buster from jessie.
systemctl start ipsec reported a failure.
Narrowed the cause down to addconn crashing as invoked by ipsec.service.
Ran:
/usr/lib/ipsec/addconn --config ./ipsec.conf.nioffice --checkconfig
Result:
free(): double free detected in tcache 2
Aborted
Downloaded the libreswan-3.29 tarball from the libreswan wiki and created a
Debian package using make deb.
Installed the 3.29 version deb and the problem went away.
Copied the problem ipsec.conf up to a router running the stock buster 3.27 and
ran addconn --checkconfig against it with the same result.
Narrowed it down to two lines in the last 'conn',
as below with all irrelevant info omitted.
conn %default
    ike=aes256-sha2_512;modp1024
    phase2alg=aes256-sha2_512;modp1024
conn site1
    ike=aes256-sha2_512;modp1024
    phase2alg=aes256-sha2_512;modp1024
conn site2
    ike=aes256-sha2_512;modp1024
    phase2alg=aes256-sha2_512;modp1024
As the default wasn't really the default anymore, I moved the identical site1
and site2 lines into %default and removed them from the 'site' conns, and
addconn --checkconfig worked fine.
But it really should have been able to parse the original ipsec.conf.
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 4.19.0-5-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libreswan depends on:
ii bind9-host [host] 1:9.11.5.P4+dfsg-5.1
ii bsdmainutils 11.1.2+b1
ii debconf [debconf-2.0] 1.5.71
ii dns-root-data 2019031302
ii host 1:9.10.3.dfsg.P4-12.3+deb9u5
ii iproute2 4.20.0-2
ii iptables 1.8.2-4
ii libaudit1 1:2.8.4-3
ii libc6 2.28-10
ii libcap-ng0 0.7.9-2
ii libcurl3-nss 7.64.0-4
ii libevent-2.1-6 2.1.8-stable-4
ii libevent-pthreads-2.1-6 2.1.8-stable-4
ii libldap-2.4-2 2.4.47+dfsg-3
ii libldns2 1.7.0-4
ii libnspr4 2:4.20-1
ii libnss3 2:3.42.1-1
ii libnss3-tools 2:3.42.1-1
ii libpam0g 1.3.1-5
ii libselinux1 2.8-1+b1
ii libsystemd0 241-5
ii libunbound8 1.9.0-2
ii systemd 241-5
Versions of packages libreswan recommends:
ii python3 3.7.3-1
libreswan suggests no packages.
-- Configuration Files:
/etc/init.d/ipsec [Errno 2] No such file or directory: '/etc/init.d/ipsec'
/etc/ipsec.conf changed [not included]
/etc/ipsec.d/policies/block changed [not included]
/etc/ipsec.d/policies/clear changed [not included]
/etc/ipsec.d/policies/clear-or-private changed [not included]
/etc/ipsec.d/policies/private changed [not included]
/etc/ipsec.d/policies/private-or-clear changed [not included]
/etc/ipsec.secrets changed [not included]
-- no debconf information
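
The workaround in the report (removing ike= and phase2alg= lines from conns where they only repeat %default) can be located mechanically before an upgrade. The following Python check is an added example, not part of the report or of libreswan: `parse_conns` and `redundant_with_default` are hypothetical helpers, the parser is simplified (no include or also= handling), and the sample text is constructed from the excerpt above.

```python
import sys

# Constructed sample: the report's excerpt, with indentation restored.
SAMPLE = """\
conn %default
    ike=aes256-sha2_512;modp1024
    phase2alg=aes256-sha2_512;modp1024
conn site1
    ike=aes256-sha2_512;modp1024
    phase2alg=aes256-sha2_512;modp1024
conn site2
    ike=aes256-sha2_512;modp1024
    phase2alg=aes256-sha2_512;modp1024
"""

def parse_conns(text):
    """Simplified ipsec.conf reader: {conn name: {option: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header in column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def redundant_with_default(conns, keys=("ike", "phase2alg")):
    """List (conn, option, value) where a conn repeats %default's value."""
    default = conns.get("%default", {})
    return [(name, key, opts[key])
            for name, opts in conns.items() if name != "%default"
            for key in keys
            if key in opts and opts[key] == default.get(key)]

if __name__ == "__main__":
    # Assumption: the config path is given as the first argument.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, key, value in redundant_with_default(parse_conns(text)):
        print(f"conn {name}: {key}={value} repeats %default")
```

An empty result means no conn repeats the %default proposal lines, which is the state the reporter's working configuration was in.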