After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 706332 - crash in update_ip6_routing if IPv6 internal gateway is missing
crash in update_ip6_routing if IPv6 internal gateway is missing
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: VPN (general)
git master
Other Linux
: Normal critical
: ---
Assigned To: NetworkManager maintainer(s)
NetworkManager maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2013-08-19 18:51 UTC by Nicolas Iooss
Modified: 2013-11-01 10:10 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
get_best_ip6_config patch (985 bytes, patch)
2013-08-19 18:51 UTC, Nicolas Iooss 		none Details | Review

Description Nicolas Iooss 2013-08-19 18:51:27 UTC 
Created attachment 252274 [details] [review]
get_best_ip6_config patch 

NetworkManager crashes with segmentation fault at nm-policy.c:790 when connecting to a VPN which doesn't provide an IPv6 internal gateway.

GDB backtrace (with git revision d9cba44e6c4fdae3593021ff3f3fb7fc6467010d):

+ Trace 232396

  • #0 update_ip6_routing
    at nm-policy.c line 790
  • #1 update_routing_and_dns
    at nm-policy.c line 833
  • #2 vpn_connection_activated
    at nm-policy.c line 1591
  • #3 active_connection_state_changed
    at nm-policy.c line 1640 

nm-policy.c:790 is:
struct in6_addr int_gw = *nm_vpn_connection_get_ip6_internal_gateway (vpn);

As nm_vpn_connection_get_ip6_internal_gateway returns NULL, there is a NULL pointer dereference here. To prevent it, I modified get_best_ip6_config to never return such VPN connection. Such configuration occurs with an OpenVPN server which doesn't provide IPv6 routing, and therefore expected behavior is to use the non-VPN gateway as default route.
Comment 2 Thomas Haller 2013-10-31 14:04:14 UTC 
Oh, sorry, I did not see this patch :$

The approach I commited yesterday, is different in that if the vpn does not have an internal gateway, we add a route to :: over that vpn. That is also, what happens in the IPv4 case.

If a VPN does not have the internal gateway and it should not get the default route, then you must configure the never-default flag for it.
Comment 3 Nicolas Iooss 2013-11-01 09:41:55 UTC 
No problem. This issue has been discussed on the mailing list and in August I wasn't sure OpenVPN behaves correctly with a route which next-hop is ::. On October, 1st, I bought a server with a /64 and made some tests with OpenVPN. My tests showed that such configuration works.

However, NetworkManager is still crashing with a NULL pointer dereference somewhere else. In src/vpn-manager/nm-vpn-connection.c on line 1087 (http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/vpn-manager/nm-vpn-connection.c?id=a7bab4015ebf12714f6e7ea6303cb46df6465058#n1087):

    if (IN6_ARE_ADDR_EQUAL (&route.network, priv->ip6_external_gw) && route.plen == 128)

This code fails if priv->ip6_external_gw is NULL, ie. when using an IPv4 VPN server which provides IPv6 internally. Is it possible to change this to:

    if (priv->ip6_external_gw != NULL && IN6_ARE_ADDR_EQUAL (&route.network, priv->ip6_external_gw) && route.plen == 128)

I may also open a new bug for this small patch if needed.

Thanks
Comment 4 Thomas Haller 2013-11-01 10:10:35 UTC 
Hi Nicolas,

I pushed this change to upstream master:

http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=886ca75ac33de252158a63074cc7cf9d0215c962&context=6


Thank you for your effort!!
Thomas