Ok, it's not as bad as I thought. At least in my work network, if I don't make failure to create a UDP_ENCAP_ESPINUDP_NON_IKE socket fatal, then I can still connect to my work.
Package Details: ike 2.2.1-9
| Field | Value |
|---|---|
| Git Clone URL: | https://aur.archlinux.org/ike.git (read-only) |
| Package Base: | ike |
| Description: | Shrew Soft VPN client for Linux |
| Upstream URL: | http://www.shrew.net |
| Licenses: | BSD |
| Submitter: | tmhedberg |
| Maintainer: | rockybulwinkle |
| Last Packager: | rockybulwinkle |
| Votes: | 27 |
| Popularity: | 0.000000 |
| First Submitted: | 2011-12-06 17:01 (UTC) |
| Last Updated: | 2024-07-26 16:26 (UTC) |
Dependencies (5)
- libedit
- ncurses (ncurses-git AUR)
- openssl (openssl-git AUR, openssl-static AUR)
- cmake (cmake-git AUR) (make)
- openldap (openldap-gnutls AUR) (optional)
Required by (2)
Sources (7)
rockybulwinkle commented on 2024-07-26 15:38 (UTC)
rockybulwinkle commented on 2024-07-26 12:26 (UTC)
Found the culprit. They dropped support for my socket mode!
rockybulwinkle commented on 2024-07-26 12:18 (UTC)
The package broke. Looks like the kernel upgrade from 6.9.10.arch1-1 -> 6.10.arch1-2 on the 23rd broke it.
Patches welcome!
mkurz commented on 2023-03-23 20:50 (UTC)
@rockybulwinkle It works! Great work, thank you very much!
rockybulwinkle commented on 2023-03-23 20:19 (UTC)
Pushed my changes, try them out @murkz
rockybulwinkle commented on 2023-03-23 19:32 (UTC)
@mkurz, I don't see how removing that delete would solve the double free issue. Just below the delete, data_buff is set to the newly allocated memory (new_buff).
I think your changes would hide an already-existing use-after-free bug. If "data_buff" was already freed, and we just copied data out of it, then what the heck did we just copy?
I'm working on my own fix right now. The root cause in my test case (missing configuration data) appears to be in _CONFIG_MANAGER::file_vpn_load. When config.get_ispublic() is true, if sites_all isn't set, then it adds an empty string to the path. That alone isn't a problem, but then it goes to try to add a delimiter to "size-1", which causes an integer overflow. It doesn't appear ins was written to detect this edge case.
The EOF patch looks reasonable.
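The edge case described in this comment, as an added example that is not part of the comment or of the Shrew Soft source: on an empty buffer an unsigned `size - 1` wraps to `SIZE_MAX`, and an insert that validates the offset first refuses it. `Buf`, `last_offset` and `unchecked_request` are hypothetical names, and the shape of the unchecked space request is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <new>

// Hypothetical stand-in for a growable byte buffer; not the project's _BDATA.
struct Buf
{
    unsigned char * data = nullptr;
    size_t size = 0;  // bytes in use
    size_t real = 0;  // bytes allocated

    Buf() = default;
    Buf( const Buf & ) = delete;
    ~Buf() { delete [] data; }

    // Copy into the new block, free the old one, then adopt the new one.
    bool grow( size_t new_real )
    {
        if( new_real <= real ) return true;
        unsigned char * nb = new (std::nothrow) unsigned char[ new_real ];
        if( nb == nullptr ) return false;
        if( data != nullptr ) { std::memcpy( nb, data, size ); delete [] data; }
        data = nb;
        real = new_real;
        return true;
    }

    // Checked insert: an offset past the end (such as a wrapped size - 1)
    // is refused before any size arithmetic or copying is done.
    bool ins( unsigned char c, size_t oset )
    {
        if( oset > size || !grow( size + 1 ) ) return false;
        std::memmove( data + oset + 1, data + oset, size - oset );
        data[ oset ] = c;
        size++;
        return true;
    }
};

// "size - 1" as computed on an unsigned size: SIZE_MAX when size is 0.
size_t last_offset( const Buf & b ) { return b.size - 1; }

// Assumed shape of an unchecked insert's space request: wraps to 0.
size_t unchecked_request( size_t oset ) { return oset + 1; }

// Empty buffer, like the empty string described in the comment.
int main() { Buf path; return path.ins( '/', last_offset( path ) ) ? 1 : 0; }
```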
mkurz commented on 2023-03-23 18:43 (UTC)
@rockybulwinkle Also see https://github.com/dpolitis/shrew.net-vpn-openssl1.1.1/pull/3/files
mkurz commented on 2023-03-23 17:43 (UTC)
@rockybulwinkle can you please apply the patches in my previous two comments? Thanks!
mkurz commented on 2023-03-23 17:38 (UTC)
Another fix is necessary to make ikec run on arm (aarch64): We should not compare unsigned chars to EOF (-1), so here the fix is to avoid casting the return value of fgetc, otherwise the config will not be loaded correctly.
The exact same problem happened here: https://bugs.webkit.org/show_bug.cgi?id=144439
Here is the patch:
diff --git a/.SRCINFO b/.SRCINFO
index 495888d..bca9bb0 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -17,10 +17,12 @@ pkgbase = ike
source = openssl-1.1.0.patch
source = cmake-threadlib.patch
source = double_free_or_corruption.patch
+ source = fix_file_eof.patch
md5sums = 3dac18a2da5809ccb38c50cd4a455897
md5sums = 3cb3ff3b663805f76be1efd527ae436c
md5sums = 57348fe9112555c0204709c1716e5fff
md5sums = 4c823bae9e006cf7bfb11fa633a59837
md5sums = a861705be53c8409f82c5e97398267a6
+ md5sums = 08da74444a28bbd0d2ed056a293e3d72
pkgname = ike
diff --git a/PKGBUILD b/PKGBUILD
index 042b3f8..94f6c90 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -14,12 +14,13 @@ depends=(openssl ncurses libedit)
makedepends=(cmake)
optdepends=(openldap)
backup=(etc/iked.conf)
-source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch cmake-threadlib.patch double_free_or_corruption.patch)
+source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch cmake-threadlib.patch double_free_or_corruption.patch fix_file_eof.patch)
md5sums=('3dac18a2da5809ccb38c50cd4a455897'
'3cb3ff3b663805f76be1efd527ae436c'
'57348fe9112555c0204709c1716e5fff'
'4c823bae9e006cf7bfb11fa633a59837'
'a861705be53c8409f82c5e97398267a6'
+ '08da74444a28bbd0d2ed056a293e3d72'
)
prepare () {
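Review bot: the source array in this hunk still fetches the release tarball over plain http:// and pins every entry, including the new fix_file_eof.patch, with md5sums only. MD5 is not collision resistant, so it does not authenticate a download that travels over an unencrypted channel; switch the array to sha256sums (or b2sums) and regenerate .SRCINFO in the same commit so the two files stay in step.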
@@ -27,6 +28,7 @@ prepare () {
patch -p1 -i "$srcdir/openssl-1.1.0.patch"
patch -p1 -i "$srcdir/cmake-threadlib.patch"
patch -p1 -i "$srcdir/double_free_or_corruption.patch"
+ patch -p1 -i "$srcdir/fix_file_eof.patch"
sed -i 's/define "parser_class_name"/define parser_class_name/' ./source/iked/conf.parse.yy
}
diff --git a/fix_file_eof.patch b/fix_file_eof.patch
new file mode 100644
index 0000000..ea8e445
--- /dev/null
+++ b/fix_file_eof.patch
@@ -0,0 +1,24 @@
+diff --git a/source/libike/manager.file.cpp b/source/libike/manager.file.cpp
+index 67a50ad..babd352 100644
+--- a/source/libike/manager.file.cpp
++++ b/source/libike/manager.file.cpp
+@@ -203,8 +203,8 @@ bool _CONFIG_MANAGER::file_vpn_load( CONFIG & config, const char * path, bool sa
+
+ while( true )
+ {
+- char next;
+- char type;
++ int next;
++ int type;
+ BDATA name;
+ BDATA data;
+
+@@ -405,7 +405,7 @@ bool _CONFIG_MANAGER::file_vpn_del( CONFIG & config )
+
+ bool read_line_pcf( FILE * fp, BDATA & name, BDATA & data )
+ {
+- char next;
++ int next;
+ BDATA line;
+
+ name.del();
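Review bot: the embedded manager.file.cpp hunks change only the declarations of next and type from char to int; the assignments and EOF comparisons that use them lie outside the visible context. Widening the variable helps only if the fgetc() result is stored without an intervening (char) cast, so confirm that no such cast remains at the call sites in file_vpn_load and read_line_pcf, and that the value is narrowed back to a byte only after the EOF test has been made.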
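Why the declared type of `next` matters, as an added example that is not part of the comment above or of the Shrew Soft source: it reads a constructed four-byte buffer with `fgetc()` into an `int`, a `signed char` and an `unsigned char` (which is what plain `char` is on aarch64 Linux). The function names, the sample bytes and the `LIMIT` guard are assumptions, and `fmemopen()` is POSIX rather than standard C++.

```cpp
#include <cstddef>
#include <cstdio>

// Constructed sample: four data bytes, one of them 0xFF (data, not end-of-file).
static unsigned char SAMPLE[] = { 'n', ':', 0xFF, 'x' };
static const size_t LIMIT = 64;  // guard so the loop that never sees EOF stops

// Read SAMPLE byte by byte, storing each fgetc() result in a variable of
// type T before comparing it to EOF, and return how many bytes were accepted.
template <typename T>
size_t count_until_eof()
{
    FILE * fp = fmemopen( SAMPLE, sizeof( SAMPLE ), "r" );
    if( fp == NULL )
        return 0;

    size_t count = 0;
    while( count < LIMIT )
    {
        T next = static_cast<T>( fgetc( fp ) );  // narrowing happens here
        if( next == EOF )                         // next is promoted to int
            break;
        count++;
    }

    fclose( fp );
    return count;
}

// int keeps EOF (negative) distinct from every byte value 0..255.
size_t read_as_int() { return count_until_eof<int>(); }

// signed char: the data byte 0xFF becomes -1 and is mistaken for EOF
// (assumes EOF == -1, as in glibc), so the read stops early.
size_t read_as_signed_char() { return count_until_eof<signed char>(); }

// unsigned char: EOF is stored as 255 and promoted to 255, never EOF,
// so only the LIMIT guard ends the loop.
size_t read_as_unsigned_char() { return count_until_eof<unsigned char>(); }

int main()
{
    printf( "int=%zu signed=%zu unsigned=%zu\n",
        read_as_int(), read_as_signed_char(), read_as_unsigned_char() );
    return 0;
}
```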
mkurz commented on 2023-03-23 17:34 (UTC)
When running ikec on arm (aarch64) you run into "double free or corruption". The "double free or corruption" error occurs when memory is freed twice or when memory is freed that was not previously allocated. In libidb.cpp, it seems that the data_buff pointer is being freed twice: once in the grow method and again in the ~_BDATA destructor.
To fix that we can just not try to free the memory in the grow method. Here is the patch:
diff --git a/.SRCINFO b/.SRCINFO
index b6aa261..495888d 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -16,9 +16,11 @@ pkgbase = ike
source = iked.service
source = openssl-1.1.0.patch
source = cmake-threadlib.patch
+ source = double_free_or_corruption.patch
md5sums = 3dac18a2da5809ccb38c50cd4a455897
md5sums = 3cb3ff3b663805f76be1efd527ae436c
md5sums = 57348fe9112555c0204709c1716e5fff
md5sums = 4c823bae9e006cf7bfb11fa633a59837
+ md5sums = a861705be53c8409f82c5e97398267a6
pkgname = ike
diff --git a/PKGBUILD b/PKGBUILD
index 31b350e..042b3f8 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -14,17 +14,19 @@ depends=(openssl ncurses libedit)
makedepends=(cmake)
optdepends=(openldap)
backup=(etc/iked.conf)
-source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch cmake-threadlib.patch)
+source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch cmake-threadlib.patch double_free_or_corruption.patch)
md5sums=('3dac18a2da5809ccb38c50cd4a455897'
'3cb3ff3b663805f76be1efd527ae436c'
'57348fe9112555c0204709c1716e5fff'
'4c823bae9e006cf7bfb11fa633a59837'
+ 'a861705be53c8409f82c5e97398267a6'
)
prepare () {
cd "$srcdir/ike"
patch -p1 -i "$srcdir/openssl-1.1.0.patch"
patch -p1 -i "$srcdir/cmake-threadlib.patch"
+ patch -p1 -i "$srcdir/double_free_or_corruption.patch"
sed -i 's/define "parser_class_name"/define parser_class_name/' ./source/iked/conf.parse.yy
}
diff --git a/double_free_or_corruption.patch b/double_free_or_corruption.patch
new file mode 100644
index 0000000..e04c6a8
--- /dev/null
+++ b/double_free_or_corruption.patch
@@ -0,0 +1,12 @@
+diff --git a/source/libidb/libidb.cpp b/source/libidb/libidb.cpp
+index 672198a..d66620e 100644
+--- a/source/libidb/libidb.cpp
++++ b/source/libidb/libidb.cpp
+@@ -99,7 +99,6 @@ size_t _BDATA::grow( size_t new_real )
+ if( data_buff != NULL )
+ {
+ memcpy( new_buff, data_buff, data_real );
+- delete [] data_buff;
+ }
+
+ data_buff = new_buff;
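Review bot: with `delete [] data_buff;` removed, the following `data_buff = new_buff;` overwrites the only pointer to the old allocation, so every call to grow() that finds a non-NULL data_buff leaks the old buffer. That buffer is read by memcpy() on the line just before the removed delete, so if freeing it there aborts, the block was already released or corrupted before grow() was entered; keep the delete and trace that earlier free or out-of-bounds write instead, for example with an AddressSanitizer build (-fsanitize=address).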
Pinned Comments
rockybulwinkle commented on 2020-12-20 18:30 (UTC)
I took ownership of this package and fixed the build issue with the parser_class_name as figue suggests.
figue commented on 2019-02-15 20:17 (UTC) (edited on 2019-02-15 20:18 (UTC) by figue)
Ok, shrew-vpn-client updated. Please install that package to have QT GUI.
I can't test new ike package, because IT guys gave me a new laptop with W10, and on a virtual machine I can't make ike work... Maybe next week I'll take a closer look. Anyway, QT GUI works and I can edit my profiles.
For the people that already have a profile, you can bring it up in commandline:
or use the GUI :P
timsat commented on 2019-02-14 20:01 (UTC) (edited on 2019-02-15 19:38 (UTC) by timsat)
ike updated to 2.2.1-5
Any feedback would be appreciated, thanks!