Arch Linux User Repository

I took ownership of this package and fixed the build issue with the parser_class_name as figue suggests.

Ok, shrew-vpn-client updated. Please install that package to have QT GUI.

I can't test new ike package, because IT guys gave me a new laptop with W10, and on a virtual machine I can't make ike work... Maybe next week I'll take a closer look. Anyway, QT GUI works and I can edit my profiles.

For the people that already have a profile, you can bring it up in commandline:

ikec -r profile -u user -p password -a

or use the GUI :P

ike updated to 2.2.1-5

• Migrated to OpenSSL 1.1.x.
• Removed Qt GUI from this package. The idea behind this decision is to have an as minimalistic base package as possible, with separate packages provide GUI.
• Tested locally with OpenSSL 1.1.1.a-1.

Any feedback would be appreciated, thanks!

@rockybulwinkle It works! Great work, thank you very much!

Pushed my changes, try them out @murkz

@mkurz, I don't see how removing that delete would solve the double free issue. Just below the delete, data_buff is set to the newly allocated memory (new_buff).

I think your changes would hide an already-existing use-after-free bug. If "data_buff" was already freed, and we just copied data out of it, then what the heck did we just copy?

I'm working on my own fix right now. The root cause in my test case (missing configuration data) appears to be in _CONFIG_MANAGER::file_vpn_load. When config.get_ispublic() is true, if sites_all isn't set, then it adds an empty string to the path. That alone isn't a problem, but then it goes to try to add a delimiter to "size-1", which causes an integer overflow. It doesn't appear ins was written to detect this edge case.

The EOF patch looks reasonable.

@rockybulwinkle Also see https://github.com/dpolitis/shrew.net-vpn-openssl1.1.1/pull/3/files

@rockybulwinkle can you please apply the patches in my previous two comments? Thanks!

Another fix is necessary to make ikec run on arm (aarch64): We should not compare unsigned chars to EOF (-1), so here the fix is to avoid casting the return value of fgetc, otherwise the config will not be loaded correctly.

The exactly same problem happened here: https://bugs.webkit.org/show_bug.cgi?id=144439

Here is the patch:

diff --git a/.SRCINFO b/.SRCINFO
index 495888d..bca9bb0 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -17,10 +17,12 @@ pkgbase = ike
    source = openssl-1.1.0.patch
    source = cmake-threadlib.patch
    source = double_free_or_corruption.patch
+   source = fix_file_eof.patch
    md5sums = 3dac18a2da5809ccb38c50cd4a455897
    md5sums = 3cb3ff3b663805f76be1efd527ae436c
    md5sums = 57348fe9112555c0204709c1716e5fff
    md5sums = 4c823bae9e006cf7bfb11fa633a59837
    md5sums = a861705be53c8409f82c5e97398267a6
+   md5sums = 08da74444a28bbd0d2ed056a293e3d72

 pkgname = ike
diff --git a/PKGBUILD b/PKGBUILD
index 042b3f8..94f6c90 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -14,12 +14,13 @@ depends=(openssl ncurses libedit)
 makedepends=(cmake)
 optdepends=(openldap)
 backup=(etc/iked.conf)
-source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch cmake-threadlib.patch double_free_or_corruption.patch)
+source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch cmake-threadlib.patch double_free_or_corruption.patch fix_file_eof.patch)
 md5sums=('3dac18a2da5809ccb38c50cd4a455897'
          '3cb3ff3b663805f76be1efd527ae436c'
          '57348fe9112555c0204709c1716e5fff'
          '4c823bae9e006cf7bfb11fa633a59837'
          'a861705be53c8409f82c5e97398267a6'
+         '08da74444a28bbd0d2ed056a293e3d72'
          )

 prepare () {
@@ -27,6 +28,7 @@ prepare () {
     patch -p1 -i "$srcdir/openssl-1.1.0.patch"
     patch -p1 -i "$srcdir/cmake-threadlib.patch"
     patch -p1 -i "$srcdir/double_free_or_corruption.patch"
+    patch -p1 -i "$srcdir/fix_file_eof.patch"
     sed -i 's/define "parser_class_name"/define parser_class_name/' ./source/iked/conf.parse.yy
 }

diff --git a/fix_file_eof.patch b/fix_file_eof.patch
new file mode 100644
index 0000000..ea8e445
--- /dev/null
+++ b/fix_file_eof.patch
@@ -0,0 +1,24 @@
+diff --git a/source/libike/manager.file.cpp b/source/libike/manager.file.cpp
+index 67a50ad..babd352 100644
+--- a/source/libike/manager.file.cpp
++++ b/source/libike/manager.file.cpp
+@@ -203,8 +203,8 @@ bool _CONFIG_MANAGER::file_vpn_load( CONFIG & config, const char * path, bool sa
+ 
+   while( true )
+   {
+-      char    next;
+-      char    type;
++      int     next;
++      int     type;
+       BDATA   name;
+       BDATA   data;
+ 
+@@ -405,7 +405,7 @@ bool _CONFIG_MANAGER::file_vpn_del( CONFIG & config )
+ 
+ bool read_line_pcf( FILE * fp, BDATA & name, BDATA & data )
+ {
+-  char    next;
++  int     next;
+   BDATA   line;
+ 
+   name.del();

When running ikec on arm (aarch64) you run into "double free or corruption". The "double free or corruption" error occurs when memory is freed twice or when memory is freed that was not previously allocated. In libidb.cpp, it seems that the data_buff pointer is being freed twice: once in the grow method and again in the ~_BDATA destructor.

To fix that we can just don't try to free the memory in the grow method. Here is the patch:

diff --git a/.SRCINFO b/.SRCINFO
index b6aa261..495888d 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -16,9 +16,11 @@ pkgbase = ike
    source = iked.service
    source = openssl-1.1.0.patch
    source = cmake-threadlib.patch
+   source = double_free_or_corruption.patch
    md5sums = 3dac18a2da5809ccb38c50cd4a455897
    md5sums = 3cb3ff3b663805f76be1efd527ae436c
    md5sums = 57348fe9112555c0204709c1716e5fff
    md5sums = 4c823bae9e006cf7bfb11fa633a59837
+   md5sums = a861705be53c8409f82c5e97398267a6

 pkgname = ike
diff --git a/PKGBUILD b/PKGBUILD
index 31b350e..042b3f8 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -14,17 +14,19 @@ depends=(openssl ncurses libedit)
 makedepends=(cmake)
 optdepends=(openldap)
 backup=(etc/iked.conf)
-source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch cmake-threadlib.patch)
+source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch cmake-threadlib.patch double_free_or_corruption.patch)
 md5sums=('3dac18a2da5809ccb38c50cd4a455897'
          '3cb3ff3b663805f76be1efd527ae436c'
          '57348fe9112555c0204709c1716e5fff'
          '4c823bae9e006cf7bfb11fa633a59837'
+         'a861705be53c8409f82c5e97398267a6'
          )

 prepare () {
     cd "$srcdir/ike"
     patch -p1 -i "$srcdir/openssl-1.1.0.patch"
     patch -p1 -i "$srcdir/cmake-threadlib.patch"
+    patch -p1 -i "$srcdir/double_free_or_corruption.patch"
     sed -i 's/define "parser_class_name"/define parser_class_name/' ./source/iked/conf.parse.yy
 }

diff --git a/double_free_or_corruption.patch b/double_free_or_corruption.patch
new file mode 100644
index 0000000..e04c6a8
--- /dev/null
+++ b/double_free_or_corruption.patch
@@ -0,0 +1,12 @@
+diff --git a/source/libidb/libidb.cpp b/source/libidb/libidb.cpp
+index 672198a..d66620e 100644
+--- a/source/libidb/libidb.cpp
++++ b/source/libidb/libidb.cpp
+@@ -99,7 +99,6 @@ size_t _BDATA::grow( size_t new_real )
+       if( data_buff != NULL )
+       {
+           memcpy( new_buff, data_buff, data_real );
+-          delete [] data_buff;
+       }
+ 
+       data_buff = new_buff;

Thanks manuelino. I think your approach may be better. I'll have to take a closer look tonight. Generally, disabling compiler warnings like I did is more of a "bandaid" than a "fix".

Dumped to pastebin.

https://pastebin.com/hnPzUS6z

Aaaand... I messed up the Markdown formatting.