#41 Abort (core dumped) crash - freeing memory chunk twice

closed
nobody
None
5
2009-01-16
2007-02-09
Uncle Pedro
No

I am receiving this error right before racoon crashes:
racoon in free(): error: chunk is already free
Abort (core dumped)

When I attempt to send packets, the IKE negotiation completes successfully, but when racoon parses through the Quick Mode 1 message that it receives as the responder OR the Quick Mode 2 message that it receives as the initiator, it errors out as shown above.

This breaks with the latest CVS, but not with the 0.6.6 release that is in the ports collection of FreeBSD.

I realize that I may not be giving enough information, so if you need any more please don't hesitate to ask.

My IKE policy is:
Encr: DES
Auth: MD5
DH g: 1 (768)
LTS : 86400
LTK : None

My IPsec policy is:
Transform1:
Kind: AH
Mode: Tunnel
Encr: DES
Auth: MD5
DH g: None
LTS : 86400
LTK : None

Transform2:
Kind: ESP
Mode: Tunnel
Encr: DES
Auth: None
DH g: None
LTS : 86400
LTK : None

Here is the log:

2007-02-09 10:12:16: DEBUG: ===
2007-02-09 10:12:16: DEBUG: 188 bytes message received from 30.0.0.101[500] to 30.0.0.104[500]
2007-02-09 10:12:16: DEBUG:
74505d93 960df424 a2a06334 be451e64 08102001 ee526c72 000000bc 97ef566d
b949bba0 ad520d0f f702fe01 ae4f26dc 5622f5f3 43cd20d4 6fd18a9b 8ab43296
2cfa02fa ff773c11 df30b13b e921d314 fd1e5563 08f3fbec d673bb8c 17e5c0a3
b641a7f4 904b21f8 53e0ad24 cb88dbbe 463bab12 0c7eecc0 966db66a adeeef85
ceef3849 291defcc 10cbbc6f 9ed6c1ec aa752982 40e05f1e 763bfe10 a7831537
99ced2b3 b8a2737f f57a35b6 a1109456 823b0d02 fbeb8ca6 d7e3500a
2007-02-09 10:12:16: DEBUG: begin decryption.
2007-02-09 10:12:16: DEBUG: encryption(des)
2007-02-09 10:12:16: DEBUG: IV was saved for next processing:
2007-02-09 10:12:16: DEBUG:
fbeb8ca6 d7e3500a
2007-02-09 10:12:16: DEBUG: encryption(des)
2007-02-09 10:12:16: DEBUG: with key:
2007-02-09 10:12:16: DEBUG:
b1529e62 1de2b8b0
2007-02-09 10:12:16: DEBUG: decrypted payload by IV:
2007-02-09 10:12:16: DEBUG:
12710c9b 1c3c5ab7
2007-02-09 10:12:16: DEBUG: decrypted payload, but not trimed.
2007-02-09 10:12:16: DEBUG:
01000014 a8d13747 4e5c7eb5 0142519b f726f923 0a000058 00000001 00000001
02000028 01020401 37535383 0000001c 01020000 80010001 00020004 00015180
80040001 80050001 00000024 01030401 98652c61 00000018 02020000 80010001
00020004 00015180 80040001 05000014 95fe9ea2 6c5d2555 3af17639 441712b9
05000010 04000000 28000000 ffffff00 00000010 04000000 14000000 ffffff00
2007-02-09 10:12:16: DEBUG: padding len=1
2007-02-09 10:12:16: DEBUG: skip to trim padding.
2007-02-09 10:12:16: DEBUG: decrypted.
2007-02-09 10:12:16: DEBUG:
74505d93 960df424 a2a06334 be451e64 08102001 ee526c72 000000bc 01000014
a8d13747 4e5c7eb5 0142519b f726f923 0a000058 00000001 00000001 02000028
01020401 37535383 0000001c 01020000 80010001 00020004 00015180 80040001
80050001 00000024 01030401 98652c61 00000018 02020000 80010001 00020004
00015180 80040001 05000014 95fe9ea2 6c5d2555 3af17639 441712b9 05000010
04000000 28000000 ffffff00 00000010 04000000 14000000 ffffff00
2007-02-09 10:12:16: DEBUG: begin.
2007-02-09 10:12:16: DEBUG: seen nptype=8(hash)
2007-02-09 10:12:16: DEBUG: seen nptype=1(sa)
2007-02-09 10:12:16: DEBUG: seen nptype=10(nonce)
2007-02-09 10:12:16: DEBUG: seen nptype=5(id)
2007-02-09 10:12:16: DEBUG: seen nptype=5(id)
2007-02-09 10:12:16: DEBUG: succeed.
2007-02-09 10:12:16: DEBUG: HASH allocated:hbuf->l=176 actual:tlen=156
2007-02-09 10:12:16: DEBUG: HASH(2) received:2007-02-09 10:12:16: DEBUG:
a8d13747 4e5c7eb5 0142519b f726f923
2007-02-09 10:12:16: DEBUG: HASH with:
2007-02-09 10:12:16: DEBUG:
ee526c72 8e5c0655 81340b26 331b1a3d a38d2beb 0a000058 00000001 00000001
02000028 01020401 37535383 0000001c 01020000 80010001 00020004 00015180
80040001 80050001 00000024 01030401 98652c61 00000018 02020000 80010001
00020004 00015180 80040001 05000014 95fe9ea2 6c5d2555 3af17639 441712b9
05000010 04000000 28000000 ffffff00 00000010 04000000 14000000 ffffff00
2007-02-09 10:12:16: DEBUG: hmac(hmac_md5)
2007-02-09 10:12:16: DEBUG: HASH computed:
2007-02-09 10:12:16: DEBUG:
a8d13747 4e5c7eb5 0142519b f726f923
2007-02-09 10:12:16: DEBUG: total SA len=164
2007-02-09 10:12:16: DEBUG:
00000001 00000001 02000028 01020401 02e09a38 0000001c 01020000 80010001
00020004 00015180 80040001 80050001 00000074 01030404 08f3c400 0300001c
01020000 80010001 00020004 00015180 80040001 80050001 03000018 02020000
80010001 00020004 00015180 80040001 0300001c 03020000 80010001 00020004
00015180 80040001 80050001 00000018 04020000 80010001 00020004 00015180
80040001
2007-02-09 10:12:16: DEBUG: begin.
2007-02-09 10:12:16: DEBUG: seen nptype=2(prop)
2007-02-09 10:12:16: DEBUG: seen nptype=2(prop)
2007-02-09 10:12:16: DEBUG: succeed.
2007-02-09 10:12:16: DEBUG: proposal #1 len=40
2007-02-09 10:12:16: DEBUG: begin.
2007-02-09 10:12:16: DEBUG: seen nptype=3(trns)
2007-02-09 10:12:16: DEBUG: succeed.
2007-02-09 10:12:16: DEBUG: transform #1 len=28
2007-02-09 10:12:16: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2007-02-09 10:12:16: DEBUG: type=SA Life Duration, flag=0x0000, lorv=4
2007-02-09 10:12:16: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2007-02-09 10:12:16: DEBUG: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2007-02-09 10:12:16: DEBUG: proposal #1 len=116
2007-02-09 10:12:16: DEBUG: begin.
2007-02-09 10:12:16: DEBUG: seen nptype=3(trns)
2007-02-09 10:12:16: DEBUG: seen nptype=3(trns)
2007-02-09 10:12:16: DEBUG: seen nptype=3(trns)
2007-02-09 10:12:16: DEBUG: seen nptype=3(trns)
2007-02-09 10:12:16: DEBUG: succeed.
2007-02-09 10:12:16: DEBUG: transform #1 len=28
2007-02-09 10:12:16: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2007-02-09 10:12:16: DEBUG: type=SA Life Duration, flag=0x0000, lorv=4
2007-02-09 10:12:16: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2007-02-09 10:12:16: DEBUG: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2007-02-09 10:12:16: DEBUG: transform #2 len=24
2007-02-09 10:12:16: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2007-02-09 10:12:16: DEBUG: type=SA Life Duration, flag=0x0000, lorv=4
2007-02-09 10:12:16: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2007-02-09 10:12:16: DEBUG: transform #3 len=28
2007-02-09 10:12:16: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2007-02-09 10:12:16: DEBUG: type=SA Life Duration, flag=0x0000, lorv=4
2007-02-09 10:12:16: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2007-02-09 10:12:16: DEBUG: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2007-02-09 10:12:16: DEBUG: transform #4 len=24
2007-02-09 10:12:16: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2007-02-09 10:12:16: DEBUG: type=SA Life Duration, flag=0x0000, lorv=4
2007-02-09 10:12:16: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2007-02-09 10:12:16: DEBUG: pair 1:
2007-02-09 10:12:16: DEBUG: 0x80b2750: next=0x80b2760 tnext=0x0
2007-02-09 10:12:16: DEBUG: 0x80b2760: next=0x0 tnext=0x80b2770
2007-02-09 10:12:16: DEBUG: 0x80b2770: next=0x0 tnext=0x80b2780
2007-02-09 10:12:16: DEBUG: 0x80b2780: next=0x0 tnext=0x80b2790
2007-02-09 10:12:16: DEBUG: 0x80b2790: next=0x0 tnext=0x0
2007-02-09 10:12:16: DEBUG: proposal #1: 5 transform
2007-02-09 10:12:16: DEBUG: total SA len=84
2007-02-09 10:12:16: DEBUG:
00000001 00000001 02000028 01020401 37535383 0000001c 01020000 80010001
00020004 00015180 80040001 80050001 00000024 01030401 98652c61 00000018
02020000 80010001 00020004 00015180 80040001
2007-02-09 10:12:16: DEBUG: begin.
2007-02-09 10:12:16: DEBUG: seen nptype=2(prop)
2007-02-09 10:12:16: DEBUG: seen nptype=2(prop)
2007-02-09 10:12:16: DEBUG: succeed.
2007-02-09 10:12:16: DEBUG: proposal #1 len=40
2007-02-09 10:12:16: DEBUG: begin.
2007-02-09 10:12:16: DEBUG: seen nptype=3(trns)
2007-02-09 10:12:16: DEBUG: succeed.
2007-02-09 10:12:16: DEBUG: transform #1 len=28
2007-02-09 10:12:16: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2007-02-09 10:12:16: DEBUG: type=SA Life Duration, flag=0x0000, lorv=4
2007-02-09 10:12:16: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2007-02-09 10:12:16: DEBUG: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2007-02-09 10:12:16: DEBUG: proposal #1 len=36
2007-02-09 10:12:16: DEBUG: begin.
2007-02-09 10:12:16: DEBUG: seen nptype=3(trns)
2007-02-09 10:12:16: DEBUG: succeed.
2007-02-09 10:12:16: DEBUG: transform #2 len=24
2007-02-09 10:12:16: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2007-02-09 10:12:16: DEBUG: type=SA Life Duration, flag=0x0000, lorv=4
2007-02-09 10:12:16: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2007-02-09 10:12:16: DEBUG: pair 1:
2007-02-09 10:12:16: DEBUG: 0x80b27a0: next=0x80b27b0 tnext=0x0
2007-02-09 10:12:16: DEBUG: 0x80b27b0: next=0x0 tnext=0x0
2007-02-09 10:12:16: DEBUG: proposal #1: 2 transform
2007-02-09 10:12:16: DEBUG: begin compare proposals.
2007-02-09 10:12:16: DEBUG: pair[1]: 0x80b27a0
2007-02-09 10:12:16: DEBUG: 0x80b27a0: next=0x80b27b0 tnext=0x0
2007-02-09 10:12:16: DEBUG: 0x80b27b0: next=0x0 tnext=0x0
2007-02-09 10:12:16: DEBUG: prop#=1 prot-id=AH spi-size=4 #trns=1 trns#=1 trns-id=MD5
2007-02-09 10:12:16: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2007-02-09 10:12:16: DEBUG: type=SA Life Duration, flag=0x0000, lorv=4
2007-02-09 10:12:16: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2007-02-09 10:12:16: DEBUG: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2007-02-09 10:12:16: DEBUG: prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=2 trns-id=DES
2007-02-09 10:12:16: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2007-02-09 10:12:16: DEBUG: type=SA Life Duration, flag=0x0000, lorv=4
2007-02-09 10:12:16: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2007-02-09 10:12:16: DEBUG: peer's single bundle:
2007-02-09 10:12:16: DEBUG: (proto_id=AH spisize=4 spi=37535383 spi_p=00000000 encmode=Tunnel reqid=0:0)
2007-02-09 10:12:16: DEBUG: (trns_id=MD5 authtype=hmac-md5)
2007-02-09 10:12:16: DEBUG: (proto_id=ESP spisize=4 spi=98652c61 spi_p=00000000 encmode=Tunnel reqid=0:0)
2007-02-09 10:12:16: DEBUG: (trns_id=DES encklen=0 authtype=254)
2007-02-09 10:12:16: DEBUG: my single bundle:
2007-02-09 10:12:16: DEBUG: (proto_id=AH spisize=4 spi=02e09a38 spi_p=00000000 encmode=Tunnel reqid=0:0)
2007-02-09 10:12:16: DEBUG: (trns_id=MD5 authtype=hmac-md5)
2007-02-09 10:12:16: DEBUG: (proto_id=ESP spisize=4 spi=08f3c400 spi_p=00000000 encmode=Tunnel reqid=0:0)
2007-02-09 10:12:16: DEBUG: (trns_id=DES encklen=0 authtype=hmac-md5)
2007-02-09 10:12:16: DEBUG: (trns_id=DES encklen=0 authtype=254)
2007-02-09 10:12:16: DEBUG: (trns_id=DES encklen=0 authtype=hmac-md5)
2007-02-09 10:12:16: DEBUG: (trns_id=DES encklen=0 authtype=254)
2007-02-09 10:12:16: WARNING: authtype mismatched: my:hmac-md5 peer:254
2007-02-09 10:12:16: DEBUG: matched
racoon in free(): error: chunk is already free
Abort (core dumped)

Discussion

  • Uncle Pedro

    Uncle Pedro - 2007-02-09

    Logged In: YES
    user_id=1702317
    Originator: YES

    I apologize for not being clearer in my original post, but I'm posting this in the Support Requests forum because I'm not 100% sure it's a bug. If anyone can help me confirm that this isn't a configuration issue, I'd be happy to move this to the "Bugs" section (of course, I'd need some help with that too).

    Thanks.

     
  • Timo Teras

    Timo Teras - 2009-01-16

    Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you.

     
  • Timo Teras

    Timo Teras - 2009-01-16
    • status: open --> closed
     

Log in to post a comment.