
desktop-packages team mailing list archive

[Bug 1410675] [NEW] segfault on pppd parameters dump when using plugin pppol2tp

 

Public bug reported:

There is a bug in the pppol2tp plugin:

Jan 14 00:56:27 iorange pppd[20230]: Plugin pppol2tp.so loaded.
Jan 14 00:56:27 iorange pppd[20230]: pppd options in effect:
Jan 14 00:56:27 iorange pppd[20230]: debug debug#011#011# (from /etc/ppp/options.xl2tpd)
Jan 14 00:56:27 iorange pppd[20230]: nodetach#011#011# (from command line)
Jan 14 00:56:27 iorange pppd[20230]: logfile /var/log/beeline-ppp0-dbg.log#011#011# (from /etc/ppp/options.xl2tpd)
Jan 14 00:56:27 iorange pppd[20230]: unit 0#011#011# (from /etc/ppp/options.xl2tpd)
Jan 14 00:56:27 iorange pppd[20230]: dump#011#011# (from /etc/ppp/options.xl2tpd)
Jan 14 00:56:27 iorange pppd[20230]: plugin pppol2tp.so#011#011# (from command line)
Jan 14 00:56:27 iorange pppd[20230]: noauth#011#011# (from /etc/ppp/options.xl2tpd)
Jan 14 00:56:27 iorange pppd[20230]: name shooorf#011#011# (from /etc/ppp/options.xl2tpd)
Jan 14 00:56:27 iorange pppd[20230]: remotename l2tp#011#011# (from /etc/ppp/options.xl2tpd)
Jan 14 00:56:27 iorange kernel: [266504.060596] pppd[20230]: segfault at 0 ip 0000000000424960 sp 00007fff609ac230 error 4 in pppd[400000+5a000]

The bug could be reproduced only when the ppp option "dump" is active and pppol2tp is used.
The segfault is caused by the function "print_option" in options.c.

Stack trace

/usr/sbin/pppd(vslprintf+0x6a)[0x427454]
/usr/sbin/pppd(pr_log+0xba)[0x428ab7]
/usr/sbin/pppd[0x425603]
/usr/sbin/pppd[0x42576a]
/usr/sbin/pppd(print_options+0x87)[0x425814]
/usr/sbin/pppd(main+0x319)[0x40ac55]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f52ba596ec5]
/usr/sbin/pppd[0x40a7e9]


The reason for the segfault is an invalid parameter declaration in the source code of the pppol2tp plugin:

static char *pppol2tp_fd_str;
...
static option_t pppol2tp_options[] = {
        { "pppol2tp", o_special, &setdevname_pppol2tp,
          "FD for PPPoL2TP socket", OPT_DEVNAM | OPT_A2STRVAL ,
          &pppol2tp_fd_str }, ...

The parameter should be declared as OPT_STATIC as well.

** Affects: ppp (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: dump plugin pppd pppol2tp segfault

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ppp in Ubuntu.
https://bugs.launchpad.net/bugs/1410675
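
A simplified model of the declaration issue described in the report above, added here as an illustration and not taken from pppd or from the bug reporter. It assumes the option dumper treats addr2 as a char ** and dereferences it unless OPT_STATIC is set; the flag values, the struct and all function and variable names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical flag values; the real ones are defined by pppd. */
#define OPT_STATIC   0x1u  /* addr2 is the character buffer itself */
#define OPT_A2STRVAL 0x2u  /* addr2 refers to the current string value */

struct model_option {      /* cut-down stand-in for pppd's option_t */
    const char *name;
    unsigned flags;
    void *addr2;
};

/* Resolve the string a dump routine would print for this option.
 * Assumption: without OPT_STATIC, addr2 is a char ** and is dereferenced. */
static const char *resolve_strval(const struct model_option *opt)
{
    if (!(opt->flags & OPT_A2STRVAL) || opt->addr2 == NULL)
        return NULL;
    if (opt->flags & OPT_STATIC)
        return (const char *)opt->addr2;
    return *(char **)opt->addr2;   /* NULL if the pointer was never set */
}

/* Guarded variant: never hands a NULL pointer to a string formatter. */
static const char *resolve_strval_safe(const struct model_option *opt)
{
    const char *p = resolve_strval(opt);
    return p ? p : "";
}

static char *fd_str_ptr;           /* pointer storage, as in the report; unset */
static char fd_str_buf[16] = "7";  /* constructed value in static array storage */

static struct model_option opt_ptr = { "pppol2tp", OPT_A2STRVAL, &fd_str_ptr };
static struct model_option opt_buf = { "pppol2tp", OPT_A2STRVAL | OPT_STATIC, fd_str_buf };

int main(void)
{
    printf("pointer storage, unset: %s\n",
           resolve_strval(&opt_ptr) ? "non-NULL" : "NULL (formatter would fault)");
    printf("array storage:          \"%s\"\n", resolve_strval(&opt_buf));
    printf("guarded lookup:         \"%s\"\n", resolve_strval_safe(&opt_ptr));
    return 0;
}
```

In this model the flag and the storage type have to agree: OPT_STATIC pairs with a char array, while a char * variable pairs with the dereferencing path and needs a NULL check before it reaches a string formatter.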
