libreswan
Segfault while using authnull OE
When OE is configured to allow authnull in libreswan-5.0-1:
# /etc/ipsec.d/oe-authnull.conf
#
# Example file for Opportunistic Encryption using Auth NULL
# During negotiation, hold traffic. On IKE Auth NULL failure, fail open
# Traffic is held until IKE has failed or succeeded
# Because it uses Auth NULL, there is no protection against active MITM attacks
#
# See also oe-upgrade-authnull.conf

conn clear
    type=passthrough
    # temp workaround
    #authby=never
    authby=null
    leftid=%null
    rightid=%null
    left=%defaultroute
    right=%group
    auto=route

conn clear-or-private
    type=tunnel
    authby=null
    leftid=%null
    rightid=%null
    left=%defaultroute
    right=%opportunisticgroup
    negotiationshunt=hold
    failureshunt=passthrough
    ikev2=insist
    # add, not route - because this policy is only for incoming IKE packets
    auto=add

conn private-or-clear
    type=tunnel
    authby=null
    leftid=%null
    rightid=%null
    left=%defaultroute
    right=%opportunisticgroup
    negotiationshunt=hold
    failureshunt=passthrough
    ikev2=insist
    auto=route
    keyingtries=1
    retransmit-timeout=2s

conn private
    type=tunnel
    authby=null
    leftid=%null
    rightid=%null
    left=%defaultroute
    right=%opportunisticgroup
    negotiationshunt=hold
    failureshunt=drop
    ikev2=insist
    auto=route

conn block
    type=reject
    # temp workaround
    #authby=never
    authby=null
    leftid=%null
    rightid=%null
    left=%defaultroute
    right=%group
    auto=route
with IPv4 and IPv6 addresses in private policy, pluto segfaults while trying to make a connection:
# coredumpctl dump
PID: 4937 (pluto)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Fri 2024-06-14 07:47:23 EDT (12min ago)
Command Line: /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
Executable: /usr/libexec/ipsec/pluto
Control Group: /system.slice/ipsec.service
Unit: ipsec.service
Slice: system.slice
Boot ID: 0f82526558ff44929c73fad403cbe3ad
Machine ID: f1480d5e8c59483d8bfc1866b3e6360f
Hostname: vm-10-0-185-130.hosted.upshift.rdu2.redhat.com
Storage: /var/lib/systemd/coredump/core.pluto.0.0f82526558ff44929c73fad403cbe3ad.4937.1718365643000000.zst (present)
Size on Disk: 782.4K
Package: libreswan/5.0-1.fc41
build-id: 21339e7f7f194eeb2e01a7a00711e18c131ece87
Message: Process 4937 (pluto) of user 0 dumped core.
Stack trace of thread 4937:
#0 0x000055a4dca128c6 ikev2_find_host_connection.constprop.0 (pluto + 0x968c6)
#1 0x000055a4dca12eff find_v2_host_pair_connection (pluto + 0x96eff)
#2 0x000055a4dc98ea15 process_v2_IKE_SA_INIT (pluto + 0x12a15)
#3 0x000055a4dca45d95 process_md (pluto + 0xc9d95)
#4 0x000055a4dca460ec process_iface_packet (pluto + 0xca0ec)
#5 0x000055a4dca0acb5 fd_read_listener_event_handler (pluto + 0x8ecb5)
#6 0x00007faa03acd00a event_process_active_single_queue (libevent_core-2.1.so.7 + 0x2100a)
#7 0x00007faa03aceeaf event_base_loop (libevent_core-2.1.so.7 + 0x22eaf)
#8 0x000055a4dca0d509 run_server (pluto + 0x91509)
#9 0x000055a4dc98ac07 main (pluto + 0xec07)
#10 0x00007faa0383d1c8 __libc_start_call_main (libc.so.6 + 0x2a1c8)
#11 0x00007faa0383d28b __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x2a28b)
#12 0x000055a4dc98adc5 _start (pluto + 0xedc5)
Attaching core gdb bt full output. core-bt-full.txt
   /*
    * Opportunistic or Shunt:
    *
    * Keep searching selecting the narrowest
    * match, based on addresses, each time.
    *
    * Don't consider the protocol/port as, at
    * this point (just received an IKE_SA_INIT
    * request), they are not known (and won't be
    * known until the next exchange - IKE_AUTH).
    *
    * The end result, which depends on the order
    * that the connections are loaded, is
    * probably going to be wrong (for instance
    * when connections include protocol / port).
    */
-> if (!address_in_selector_range(remote_address, d->spd->remote->client)) {
       address_buf ab;
       selector_buf sb;
       connection_buf cb;
       dbg(" skipping "PRI_CONNECTION", as %s is-not in range %s",
           pri_connection(d, &cb),
           str_address(&remote_address, &ab),
           str_selector(&d->spd->remote->client, &sb));
       continue;
   }
Please provide a log.
@cagney I am sorry, I simply can't reproduce it any longer, I suppose I had some kind of bogus in the policy file and I did not notice. Please feel free to close this issue. With 5.1 all our OE test cases pass. Sorry for a false alarm.
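The narrowest-match selection that the source comment quoted in this thread describes, as an added example (not libreswan's code and not a diagnosis of this crash). The `addr` and `policy` types, the table and the peer addresses are constructed for illustration; the range check rejects an address whose family differs from the policy's, which matters when IPv4 and IPv6 entries share one policy table.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed types for this example; not libreswan's ip_address/ip_selector. */
struct addr   { int family; uint8_t bytes[16]; };   /* family: 4 or 6 */
struct policy { const char *conn; int family; uint8_t net[16]; unsigned prefix; };

/* Constructed policy table mixing IPv4 and IPv6 entries (documentation ranges). */
static const struct policy table[] = {
    { "clear",            4, { 0 },                       0 },
    { "private-or-clear", 4, { 192, 0, 2, 0 },           24 },
    { "private",          4, { 192, 0, 2, 128 },         25 },
    { "private",          6, { 0x20, 0x01, 0x0d, 0xb8 }, 32 },
};

/* Range check: refuse family mismatches before comparing any address bytes. */
static int addr_in_policy(const struct addr *a, const struct policy *p)
{
    unsigned max_bits = (a->family == 4) ? 32 : 128;
    if ((a->family != 4 && a->family != 6) || a->family != p->family ||
        p->prefix > max_bits)
        return 0;
    unsigned full = p->prefix / 8, rem = p->prefix % 8;
    if (memcmp(a->bytes, p->net, full) != 0)
        return 0;
    if (rem != 0) {
        uint8_t mask = (uint8_t)(0xff << (8 - rem));
        return (a->bytes[full] & mask) == (p->net[full] & mask);
    }
    return 1;
}

/* Scan every entry, keep the longest matching prefix; NULL means no policy applies. */
const char *narrowest_match(const struct addr *remote)
{
    const struct policy *best = NULL;
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        if (!addr_in_policy(remote, &table[i]))
            continue;               /* skipped: address is not in this range */
        if (best == NULL || table[i].prefix > best->prefix)
            best = &table[i];
    }
    return best ? best->conn : NULL;
}

int main(void)
{
    struct addr peer = { 4, { 192, 0, 2, 200 } };   /* constructed peer address */
    const char *conn = narrowest_match(&peer);
    printf("%s\n", conn ? conn : "(no match)");
    return 0;
}
```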