ocserv is an open-source VPN software compatible to many proprietary solutions including Cisco AnyConnect, so I use it for my iOS devices.
Recently I noticed that my ocserv service was not working after upgrading to Ubuntu 22.04, and got this message:
[Tue Sep 26 17:35:27 2023] traps: ocserv-worker[6826] general protection fault ip:7f09bab28898 sp:7ffd36c9add0 error:0 in libc.so.6[7f09bab28000+195000]
It looked not a good sign for a security software.
After some trials, I found it's easy to reproduce the message via openssl s_client -connect vpn.example.com:1234 from another Ubuntu server.
So next was trying to catch its stack with debug information before segfault. I set up Debug Symbol Packages and then installed all related dbg packages, then run gdb with set follow-fork-mode child to catch issues including the ones in child processes.
Just few seconds, I got one:
(gdb) bt
#0 __GI_abort () at ./stdlib/abort.c:107
#1 0x00007fe81996545c in __libc_message (action=do_abort, fmt=0x7fe819ab77b1 "%s",
fmt=0x7fe819ab77b1 "%s", action=do_abort) at ../sysdeps/posix/libc_fatal.c:155
#2 0x00007fe819965770 in __GI___libc_fatal (
message=message@entry=0x7fe819ab9d28 "The futex facility returned an unexpected error code.\n")
at ../sysdeps/posix/libc_fatal.c:164
#3 0x00007fe819975f1a in futex_fatal_error () at ../sysdeps/nptl/futex-internal.h:87
#4 futex_wait (private=<optimized out>, expected=<optimized out>, futex_word=<optimized out>)
at ../sysdeps/nptl/futex-internal.h:162
#5 futex_wait_simple (private=<optimized out>, expected=<optimized out>, futex_word=<optimized out>)
at ../sysdeps/nptl/futex-internal.h:177
#6 __pthread_once_slow (once_control=0x7fe819eb5d88 <keylog_once>,
init_routine=0x7fe819d17020 <keylog_once_init>) at ./nptl/pthread_once.c:105
#7 0x00007fe819d1ea3d in gnutls_once (once=0x7fe819eb5d88 <keylog_once>,
init_func=0x7fe819d17020 <keylog_once_init>) at ../../lib/locks.c:115
#8 _gnutls_nss_keylog_write (secret_size=48,
secret=0x55de435c717c "x", label=0x7fe819e36af8 "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
session=0x55de435c5970) at ../../lib/kx.c:158
#9 _gnutls_nss_keylog_func (secret=<optimized out>, secret=<optimized out>,
label=0x7fe819e36af8 "CLIENT_HANDSHAKE_TRAFFIC_SECRET", session=0x55de435c5970) at ../../lib/kx.c:131
#10 _gnutls_nss_keylog_func (session=0x55de435c5970,
label=0x7fe819e36af8 "CLIENT_HANDSHAKE_TRAFFIC_SECRET", secret=<optimized out>) at ../../lib/kx.c:121
#11 0x00007fe819d3c824 in _gnutls_call_keylog_func (size=<optimized out>,
data=0x55de435c717c "x", label=0x7fe819e36af8 "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
session=0x55de435c5970) at ../../lib/kx.c:115
#12 _tls13_set_keys (key_size=32, iv_size=12, params=0x55de435c0e70, stage=STAGE_HS,
session=0x55de435c5970) at ../../lib/constate.c:438
#13 _gnutls_epoch_set_keys (session=session@entry=0x55de435c5970, epoch=epoch@entry=1,
stage=stage@entry=STAGE_HS) at ../../lib/constate.c:714
#14 0x00007fe819d3dcc0 in _tls13_connection_state_init (session=0x55de435c5970, stage=STAGE_HS)
at ../../lib/constate.c:1208
#15 0x00007fe819d070e5 in _gnutls13_handshake_server (session=0x55de435c5970)
at ../../lib/handshake-tls13.c:423
#16 0x00007fe819d1bda0 in gnutls_handshake (session=0x55de435c5970) at ../../lib/handshake.c:2874
#17 0x000055de422ea402 in vpn_server (ws=0x55de435aec20) at ./src/worker-vpn.c:859
#18 main (argc=<optimized out>, argv=<optimized out>) at ./src/worker.c:189
There was a _tls13_set_keys() called so I immediately gave it a try to see whether TLS 1.2 was working:
openssl s_client -tls1_2 -connect vpn.example.com:1234
And yes, it's working now.
So back to trace the bug and I saw gnutls_once() was called in ../../lib/locks.c:115, which you can see in locks.c's L115. But it's actaully completely rewritten in the next version 3.7.4.
Anyway, I needed a workaround allowing clients able to connect to my VPN server. The workaround I choose is to disable TLS 1.3, so it will not touch the problematic code path. Added -VERS-TLS1.3 to tls-priorities and everything goes back to normal:
tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128:-VERS-TLS1.3"
It's not optimal, but okay for now.