Package Details: ike 2.2.1-8

Git Clone URL: https://aur.archlinux.org/ike.git (read-only, click to copy)
Package Base: ike
Description: Shrew Soft VPN client for Linux
Upstream URL: http://www.shrew.net
Licenses: BSD
Submitter: tmhedberg
Maintainer: rockybulwinkle
Last Packager: rockybulwinkle
Votes: 27
Popularity: 0.000004
First Submitted: 2011-12-06 17:01 (UTC)
Last Updated: 2023-03-23 20:18 (UTC)

Pinned Comments

rockybulwinkle commented on 2020-12-20 18:30 (UTC)

I took ownership of this package and fixed the build issue with the parser_class_name as figue suggests.

figue commented on 2019-02-15 20:17 (UTC) (edited on 2019-02-15 20:18 (UTC) by figue)

Ok, shrew-vpn-client updated. Please install that package to have QT GUI.

I can't test new ike package, because IT guys gave me a new laptop with W10, and on a virtual machine I can't make ike work... Maybe next week I'll take a closer look. Anyway, QT GUI works and I can edit my profiles.

For the people that already have a profile, you can bring it up in commandline:

ikec -r profile -u user -p password -a

or use the GUI :P

timsat commented on 2019-02-14 20:01 (UTC) (edited on 2019-02-15 19:38 (UTC) by timsat)

ike updated to 2.2.1-5

  • Migrated to OpenSSL 1.1.x.
  • Removed Qt GUI from this package. The idea behind this decision is to have an as minimalistic base package as possible, with separate packages provide GUI.
  • Tested locally with OpenSSL 1.1.1.a-1.

Any feedback would be appreciated, thanks!

Latest Comments

1 2 3 4 5 6 .. 10 Next › Last »

mkurz commented on 2023-03-23 20:50 (UTC)

@rockybulwinkle It works! Great work, thank you very much!

rockybulwinkle commented on 2023-03-23 20:19 (UTC)

Pushed my changes, try them out @murkz

rockybulwinkle commented on 2023-03-23 19:32 (UTC)

@mkurz, I don't see how removing that delete would solve the double free issue. Just below the delete, data_buff is set to the newly allocated memory (new_buff).

I think your changes would hide an already-existing use-after-free bug. If "data_buff" was already freed, and we just copied data out of it, then what the heck did we just copy?

I'm working on my own fix right now. The root cause in my test case (missing configuration data) appears to be in _CONFIG_MANAGER::file_vpn_load. When config.get_ispublic() is true, if sites_all isn't set, then it adds an empty string to the path. That alone isn't a problem, but then it goes to try to add a delimiter to "size-1", which causes an integer overflow. It doesn't appear ins was written to detect this edge case.

The EOF patch looks reasonable.

mkurz commented on 2023-03-23 18:43 (UTC)

@rockybulwinkle Also see https://github.com/dpolitis/shrew.net-vpn-openssl1.1.1/pull/3/files

mkurz commented on 2023-03-23 17:43 (UTC)

@rockybulwinkle can you please apply the patches in my previous two comments? Thanks!

mkurz commented on 2023-03-23 17:38 (UTC)

Another fix is necessary to make ikec run on arm (aarch64): We should not compare unsigned chars to EOF (-1), so here the fix is to avoid casting the return value of fgetc, otherwise the config will not be loaded correctly.

The exactly same problem happened here: https://bugs.webkit.org/show_bug.cgi?id=144439

Here is the patch:

diff --git a/.SRCINFO b/.SRCINFO
index 495888d..bca9bb0 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -17,10 +17,12 @@ pkgbase = ike
    source = openssl-1.1.0.patch
    source = cmake-threadlib.patch
    source = double_free_or_corruption.patch
+   source = fix_file_eof.patch
    md5sums = 3dac18a2da5809ccb38c50cd4a455897
    md5sums = 3cb3ff3b663805f76be1efd527ae436c
    md5sums = 57348fe9112555c0204709c1716e5fff
    md5sums = 4c823bae9e006cf7bfb11fa633a59837
    md5sums = a861705be53c8409f82c5e97398267a6
+   md5sums = 08da74444a28bbd0d2ed056a293e3d72

 pkgname = ike
diff --git a/PKGBUILD b/PKGBUILD
index 042b3f8..94f6c90 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -14,12 +14,13 @@ depends=(openssl ncurses libedit)
 makedepends=(cmake)
 optdepends=(openldap)
 backup=(etc/iked.conf)
-source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch cmake-threadlib.patch double_free_or_corruption.patch)
+source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch cmake-threadlib.patch double_free_or_corruption.patch fix_file_eof.patch)
 md5sums=('3dac18a2da5809ccb38c50cd4a455897'
          '3cb3ff3b663805f76be1efd527ae436c'
          '57348fe9112555c0204709c1716e5fff'
          '4c823bae9e006cf7bfb11fa633a59837'
          'a861705be53c8409f82c5e97398267a6'
+         '08da74444a28bbd0d2ed056a293e3d72'
          )

 prepare () {
@@ -27,6 +28,7 @@ prepare () {
     patch -p1 -i "$srcdir/openssl-1.1.0.patch"
     patch -p1 -i "$srcdir/cmake-threadlib.patch"
     patch -p1 -i "$srcdir/double_free_or_corruption.patch"
+    patch -p1 -i "$srcdir/fix_file_eof.patch"
     sed -i 's/define "parser_class_name"/define parser_class_name/' ./source/iked/conf.parse.yy
 }

diff --git a/fix_file_eof.patch b/fix_file_eof.patch
new file mode 100644
index 0000000..ea8e445
--- /dev/null
+++ b/fix_file_eof.patch
@@ -0,0 +1,24 @@
+diff --git a/source/libike/manager.file.cpp b/source/libike/manager.file.cpp
+index 67a50ad..babd352 100644
+--- a/source/libike/manager.file.cpp
++++ b/source/libike/manager.file.cpp
+@@ -203,8 +203,8 @@ bool _CONFIG_MANAGER::file_vpn_load( CONFIG & config, const char * path, bool sa
+ 
+   while( true )
+   {
+-      char    next;
+-      char    type;
++      int     next;
++      int     type;
+       BDATA   name;
+       BDATA   data;
+ 
+@@ -405,7 +405,7 @@ bool _CONFIG_MANAGER::file_vpn_del( CONFIG & config )
+ 
+ bool read_line_pcf( FILE * fp, BDATA & name, BDATA & data )
+ {
+-  char    next;
++  int     next;
+   BDATA   line;
+ 
+   name.del();

mkurz commented on 2023-03-23 17:34 (UTC)

When running ikec on arm (aarch64) you run into "double free or corruption". The "double free or corruption" error occurs when memory is freed twice or when memory is freed that was not previously allocated. In libidb.cpp, it seems that the data_buff pointer is being freed twice: once in the grow method and again in the ~_BDATA destructor.

To fix that we can just don't try to free the memory in the grow method. Here is the patch:

diff --git a/.SRCINFO b/.SRCINFO
index b6aa261..495888d 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -16,9 +16,11 @@ pkgbase = ike
    source = iked.service
    source = openssl-1.1.0.patch
    source = cmake-threadlib.patch
+   source = double_free_or_corruption.patch
    md5sums = 3dac18a2da5809ccb38c50cd4a455897
    md5sums = 3cb3ff3b663805f76be1efd527ae436c
    md5sums = 57348fe9112555c0204709c1716e5fff
    md5sums = 4c823bae9e006cf7bfb11fa633a59837
+   md5sums = a861705be53c8409f82c5e97398267a6

 pkgname = ike
diff --git a/PKGBUILD b/PKGBUILD
index 31b350e..042b3f8 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -14,17 +14,19 @@ depends=(openssl ncurses libedit)
 makedepends=(cmake)
 optdepends=(openldap)
 backup=(etc/iked.conf)
-source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch cmake-threadlib.patch)
+source=("http://www.shrew.net/download/ike/ike-$pkgver-release.tgz" iked.service openssl-1.1.0.patch cmake-threadlib.patch double_free_or_corruption.patch)
 md5sums=('3dac18a2da5809ccb38c50cd4a455897'
          '3cb3ff3b663805f76be1efd527ae436c'
          '57348fe9112555c0204709c1716e5fff'
          '4c823bae9e006cf7bfb11fa633a59837'
+         'a861705be53c8409f82c5e97398267a6'
          )

 prepare () {
     cd "$srcdir/ike"
     patch -p1 -i "$srcdir/openssl-1.1.0.patch"
     patch -p1 -i "$srcdir/cmake-threadlib.patch"
+    patch -p1 -i "$srcdir/double_free_or_corruption.patch"
     sed -i 's/define "parser_class_name"/define parser_class_name/' ./source/iked/conf.parse.yy
 }

diff --git a/double_free_or_corruption.patch b/double_free_or_corruption.patch
new file mode 100644
index 0000000..e04c6a8
--- /dev/null
+++ b/double_free_or_corruption.patch
@@ -0,0 +1,12 @@
+diff --git a/source/libidb/libidb.cpp b/source/libidb/libidb.cpp
+index 672198a..d66620e 100644
+--- a/source/libidb/libidb.cpp
++++ b/source/libidb/libidb.cpp
+@@ -99,7 +99,6 @@ size_t _BDATA::grow( size_t new_real )
+       if( data_buff != NULL )
+       {
+           memcpy( new_buff, data_buff, data_real );
+-          delete [] data_buff;
+       }
+ 
+       data_buff = new_buff;

rockybulwinkle commented on 2022-11-08 21:06 (UTC)

Thanks manuelino. I think your approach may be better. I'll have to take a closer look tonight. Generally, disabling compiler warnings like I did is more of a "bandaid" than a "fix".

manuelino commented on 2022-11-08 20:52 (UTC)

Dumped to pastebin.

https://pastebin.com/hnPzUS6z

manuelino commented on 2022-11-08 20:49 (UTC)

Aaaand... I messed up the Markdown formatting.