[Bug 59813] Double free corruption crash on pptp

Felipe Alfaro Solana Sun, 10 Sep 2006 11:35:18 -0700

Public bug reported:

Binary package hint: pptp-linux


When trying to connect to my corporate VPN using PPTP, I get the
following crash on pptp:

# pon MyVPN debug dump logfd 2 nodetach
pppd options in effect:
debug                                  # (from command line)
nodetach                               # (from command line)
logfd 2                                # (from command line)
dump                                   # (from command line)
noauth                                 # (from /etc/ppp/options.pptp)
name solana                            # (from /etc/ppp/peers/MyVPN)
remotename PPTP                        # (from /etc/ppp/peers/MyVPN)
                                       # (from /etc/ppp/options.pptp)
pty pptp my.server.com --nolaunchpppd  # (from /etc/ppp/peers/MyVPN)
crtscts                                # (from /etc/ppp/options)
                                       # (from /etc/ppp/options)
asyncmap 0                             # (from /etc/ppp/options)
lcp-echo-failure 4                     # (from /etc/ppp/options)
lcp-echo-interval 30                   # (from /etc/ppp/options)
hide-password                          # (from /etc/ppp/options)
ipparam MyVPN                          # (from /etc/ppp/peers/MyVPN)
proxyarp                               # (from /etc/ppp/options)
nobsdcomp                              # (from /etc/ppp/options.pptp)
nodeflate                              # (from /etc/ppp/options.pptp)
require-mppe-128                       # (from /etc/ppp/peers/MyVPN)
noipx                                  # (from /etc/ppp/options)
using channel 5
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xed780667> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <mru 1400> <auth chap MS-v2> <magic 0x16646812> 
<pcomp> <accomp> <callback CBCP>]
No auth is possible
sent [LCP ConfRej id=0x0 <auth chap MS-v2> <callback CBCP>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xed780667> <pcomp> <accomp>]
rcvd [LCP TermReq id=0x1 16 64 68 12 00 3c cd 74 00 00 03 97]
sent [LCP TermAck id=0x1]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xed780667> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xed780667> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xed780667> <pcomp> <accomp>]
*** glibc detected *** pptp: call manager for 216.239.45.55: double free or 
corruption (!prev): 0x0805b500 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0x418fa89d]
/lib/tls/i686/cmov/libc.so.6(__libc_free+0x84)[0x418faa24]
pptp: call manager for 216.239.45.55[0x804d099]
pptp: call manager for 216.239.45.55[0x8052668]
pptp: call manager for 216.239.45.55[0x804a676]
pptp: call manager for 216.239.45.55[0x804a4da]
pptp: call manager for 216.239.45.55[0x804a034]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc)[0x418a98cc]
pptp: call manager for 216.239.45.55[0x80494e1]
======= Memory map: ========
08048000-08055000 r-xp 00000000 fe:02 84242101   /usr/sbin/pptp
08055000-08056000 rw-p 0000d000 fe:02 84242101   /usr/sbin/pptp
08056000-08079000 rw-p 08056000 00:00 0          [heap]
41000000-41019000 r-xp 00000000 fe:02 33756411   /lib/ld-2.4.so
41019000-4101b000 rw-p 00018000 fe:02 33756411   /lib/ld-2.4.so
41894000-419c1000 r-xp 00000000 fe:02 100663664  /lib/tls/i686/cmov/libc-2.4.so
419c1000-419c3000 r--p 0012c000 fe:02 100663664  /lib/tls/i686/cmov/libc-2.4.so
419c3000-419c5000 rw-p 0012e000 fe:02 100663664  /lib/tls/i686/cmov/libc-2.4.so
419c5000-419c8000 rw-p 419c5000 00:00 0 
422f2000-42301000 r-xp 00000000 fe:02 100756282  
/lib/tls/i686/cmov/libresolv-2.4.so
42301000-42303000 rw-p 0000f000 fe:02 100756282  
/lib/tls/i686/cmov/libresolv-2.4.so
42303000-42305000 rw-p 42303000 00:00 0 
424c4000-424c6000 r-xp 00000000 fe:02 100765541  
/lib/tls/i686/cmov/libutil-2.4.so
424c6000-424c8000 rw-p 00001000 fe:02 100765541  
/lib/tls/i686/cmov/libutil-2.4.so
424fc000-42506000 r-xp 00000000 fe:02 33756415   /lib/libgcc_s.so.1
42506000-42507000 rw-p 00009000 fe:02 33756415   /lib/libgcc_s.so.1
b7d00000-b7d21000 rw-p b7d00000 00:00 0 
b7d21000-b7e00000 ---p b7d21000 00:00 0 
b7ee4000-b7ee8000 r-xp 00000000 fe:02 100663723  
/lib/tls/i686/cmov/libnss_dns-2.4.so
b7ee8000-b7eea000 rw-p 00003000 fe:02 100663723  
/lib/tls/i686/cmov/libnss_dns-2.4.so
b7eea000-b7ef3000 r-xp 00000000 fe:02 100663724  
/lib/tls/i686/cmov/libnss_files-2.4.so
b7ef3000-b7ef5000 rw-p 00008000 fe:02 100663724  
/lib/tls/i686/cmov/libnss_files-2.4.so
b7ef5000-b7ef6000 rw-p b7ef5000 00:00 0 
b7f02000-b7f04000 rw-p b7f02000 00:00 0 
bfdd4000-bfde9000 rw-p bfdd4000 00:00 0          [stack]
ffffe000-fffff000 ---p 00000000 00:00 0          [vdso]
Modem hangup
Connection terminated.
Script pptp my.server.com --nolaunchpppd finished (pid 7022), status = 0x0

** Affects: pptp-linux (Ubuntu)
     Importance: Untriaged
         Status: Unconfirmed

-- 
Double free corruption crash on pptp
https://launchpad.net/bugs/59813

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 59813] Double free corruption crash on pptp

Reply via email to