[Pkg-libvirt-maintainers] Bug#762417: Bug#762417: vinagre: cannot connect - libgrypt error?

Bernhard Übelacker bernhardu at vr-web.de
Fri Nov 14 17:41:29 UTC 2014


Hello,
I found the bug listed as release critical, so I tried to see if I could
find something out.

First:
It seems that vnc_connection_perform_auth_ard is only used for Apple
remote desktop:
    VNC_CONNECTION_AUTH_ARD = 30,
    /* Apple remote desktop (screen sharing) */

Second, @Norbert:
Have you intentionally configured FIPS mode for gcrypt?
Does one of these files exist on your system?
    /etc/gcrypt/fips_enabled
    /proc/sys/crypto/fips_enabled

I ask because I do not even get near the crash: on my system, in
function do_randomize (_gcry_random_bytes), it takes the branch to
_gcry_rngcsprng_randomize instead of _gcry_rngfips_randomize.

So I created the file /etc/gcrypt/fips_enabled temporarily.

Additionally, I got from snapshot.debian.org the old versions which, as
far as I can see, were in use, and installed them.

By cheating in basic_initialization, by resetting initialized from 1 to
0, I entered the branch shown in the trace. For some reason, on my
system it already gets initialized by some calls from libsecret-1.so.0.

But could still not reproduce the crash.

The function ath_mutex_init (called by
random-fips.c:basic_initialization) could only return EINVAL in these
cases:
- malloc inside ath_mutex_init sets errno to EINVAL
- pthread_mutex_init returns EINVAL
- or thread_model was not properly set.

Then the actual crash/abort happens while trying to call
fips_new_state, which inside tries to do another ath_mutex_lock, which
fails again because of the undefined thread_model.

--------------

- So I tried to reproduce it but was not able to without cheating.
  (attached is a log of preparing my environment and a debug session)
- In my opinion the variable thread_model, used by
  ath_mutex_{init,lock}, is either not initialized or overwritten.
  @Norbert:
  are you using some very long computer names, user names or passwords?
- Could a valgrind run help us here?

Kind regards,
Bernhard

PS.: Should this bug really be handled as release critical?
-------------- next part --------------

# day after the bug was reported
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/v/vinagre/vinagre_3.12.2-2_amd64.deb
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/f/freerdp/libfreerdp1_1.1.0%7Egit20140809.1.b07a5c1%2Bdfsg-4%2Bb1_amd64.deb
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/g/gtk-vnc/libgvnc-1.0-0_0.5.3-1.2_amd64.deb
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/g/gtk-vnc/libgvnc-1.0-0-dbg_0.5.3-1.2_amd64.deb
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/g/gtk-vnc/libgtk-vnc-1.0-0_0.5.3-1.2_amd64.deb
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/g/gtk-vnc/libgtk-vnc-1.0-0-dbg_0.5.3-1.2_amd64.deb
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/libg/libgcrypt20/libgcrypt20_1.6.2-3_amd64.deb
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/libg/libgcrypt20/libgcrypt20_1.6.2-3_i386.deb
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/libg/libgcrypt20/libgcrypt20-dbg_1.6.2-3_amd64.deb

# please do not follow these dpkg steps, if you do not know what you are doing!
$ dpkg --purge --force-depends libfreerdp-common1.1.0 libfreerdp-utils1.1 libwinpr-pool0.1 libwinpr-error0.1 libwinpr-sspi0.1 libwinpr-registry0.1 libfreerdp-rail1.1 libwinpr-path0.1 libwinpr-asn1-0.1 libwinpr-sspicli0.1 libwinpr-dsparse0.1 libfreerdp-core1.1 libfreerdp-client1.1 libwinpr-file0.1 libwinpr-bcrypt0.1 libwinpr-crt0.1 libwinpr-library0.1 libwinpr-environment0.1 libfreerdp-codec1.1 libwinpr-winsock0.1 libfreerdp-crypto1.1 libwinpr-credui0.1 libwinpr-winhttp0.1 libwinpr-io0.1 libwinpr-credentials0.1 libwinpr-sysinfo0.1 libwinpr-heap0.1 libwinpr-thread0.1 libxfreerdp-client1.1 libwinpr-timezone0.1 libfreerdp-primitives1.1 libfreerdp-locale1.1 libwinpr-crypto0.1 libwinpr-handle0.1 libwinpr-rpc0.1 libfreerdp-gdi1.1 libfreerdp-cache1.1 libwinpr-input0.1 libwinpr-synch0.1 libwinpr-utils0.1 libwinpr-interlocked0.1 libwinpr-pipe0.1
$ dpkg -i vinagre_3.12.2-2_amd64.deb libfreerdp1_1.1.0~git20140809.1.b07a5c1+dfsg-4+b1_amd64.deb libgtk-vnc-1.0-0_0.5.3-1.2_amd64.deb libgtk-vnc-1.0-0-dbg_0.5.3-1.2_amd64.deb libgvnc-1.0-0_0.5.3-1.2_amd64.deb libgvnc-1.0-0-dbg_0.5.3-1.2_amd64.deb libgcrypt20_1.6.2-3_amd64.deb libgcrypt20_1.6.2-3_i386.deb libgcrypt20-dbg_1.6.2-3_amd64.deb

mkdir src; cd src
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/g/gtk-vnc/gtk-vnc_0.5.3-1.2.debian.tar.xz
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/g/gtk-vnc/gtk-vnc_0.5.3-1.2.dsc
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/g/gtk-vnc/gtk-vnc_0.5.3.orig.tar.xz
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/libg/libgcrypt20/libgcrypt20_1.6.2-3.debian.tar.xz
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/libg/libgcrypt20/libgcrypt20_1.6.2-3.dsc
wget http://snapshot.debian.org/archive/debian/20140923T043541Z/pool/main/libg/libgcrypt20/libgcrypt20_1.6.2.orig.tar.bz2
dpkg-source -x gtk-vnc_0.5.3-1.2.dsc
dpkg-source -x libgcrypt20_1.6.2-3.dsc
dpkg-source -x libsecret_0.18-1.dsc


$ gdb --args vinagre 192.168.56.3
GNU gdb (Debian 7.7.1+dfsg-3) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from vinagre...(no debugging symbols found)...done.
(gdb) directory /home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/gtk-vnc-0.5.3/src
Source directories searched: /home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/gtk-vnc-0.5.3/src:$cdir:$cwd
(gdb) directory /home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/libgcrypt20-1.6.2/src
Source directories searched: /home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/libgcrypt20-1.6.2/src:/home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/gtk-vnc-0.5.3/src:$cdir:$cwd
(gdb) directory /home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/libgcrypt20-1.6.2/mpi
Source directories searched: /home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/libgcrypt20-1.6.2/mpi:/home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/libgcrypt20-1.6.2/src:/home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/gtk-vnc-0.5.3/src:$cdir:$cwd
(gdb) directory /home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/libgcrypt20-1.6.2/random
Source directories searched: /home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/libgcrypt20-1.6.2/random:/home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/libgcrypt20-1.6.2/mpi:/home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/libgcrypt20-1.6.2/src:/home/bernhard/data/entwicklung/2014/debian/vinagre/3.12.2/src/gtk-vnc-0.5.3/src:$cdir:$cwd
(gdb) b vnc_connection_perform_auth_ard
Function "vnc_connection_perform_auth_ard" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (vnc_connection_perform_auth_ard) pending.
(gdb) run
Starting program: /usr/bin/vinagre 192.168.56.3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe35c6700 (LWP 4888)]
[New Thread 0x7fffe2509700 (LWP 4889)]
[New Thread 0x7fffe1d08700 (LWP 4890)]
[New Thread 0x7fffd3fff700 (LWP 4894)]
gcrypt-Message: out of core handler ignored in FIPS mode

** Message: Remote error from secret service: org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.secrets was not provided by any .service files
^C
Program received signal SIGINT, Interrupt.
0x00007ffff3a5a18d in poll () at ../sysdeps/unix/syscall-template.S:81
81      ../sysdeps/unix/syscall-template.S: Datei oder Verzeichnis nicht gefunden.
(gdb) disa 1
(gdb) b basic_initialization
Breakpoint 2 at 0x7ffff37398b0: basic_initialization. (2 locations)
(gdb) cont
Continuing.
[Thread 0x7fffd3fff700 (LWP 4894) exited]

Breakpoint 2, basic_initialization () at random-fips.c:195
195       if (initialized)
(gdb) print initialized
$1 = 1
(gdb) set initialized=0


(gdb) next
199       my_errno = ath_mutex_init (&fips_rng_lock);
(gdb) step
191     {
(gdb) 
197       initialized = 1;
(gdb) 
199       my_errno = ath_mutex_init (&fips_rng_lock);
(gdb) 
_gcry_ath_mutex_init (lock=lock at entry=0x7ffff397c620 <fips_rng_lock>) at ath.c:199
199       switch (thread_model)
(gdb) print thread_model
$2 = ath_model_pthreads_weak
(gdb) set thread_model=0


(gdb) step
246           err = EINVAL;
(gdb) 
basic_initialization () at random-fips.c:200
200       if (my_errno)
(gdb) 
201         log_fatal ("failed to create the RNG lock: %s\n", strerror (my_errno));
(gdb) 
strerror (errnum=22) at strerror.c:31
31      strerror.c: Datei oder Verzeichnis nicht gefunden.
(gdb) b _gcry_fips_signal_error
Breakpoint 3 at 0x7ffff36ae600: _gcry_fips_signal_error. (3 locations)
(gdb) cont
Continuing.
gcrypt-Message: failed to create the RNG lock: Das Argument ist ungültig


Breakpoint 3, _gcry_fips_signal_error (srcfile=srcfile at entry=0x7ffff3745210 "misc.c", srcline=srcline at entry=140, 
    srcfunc=srcfunc at entry=0x7ffff3745320 <__FUNCTION__.7674> "_gcry_logv", is_fatal=is_fatal at entry=1, 
    description=description at entry=0x7ffff374525b "internal error (fatal or bug)") at fips.c:728
728       if (!fips_mode ())
(gdb) next

Breakpoint 3, _gcry_fips_signal_error (srcfile=srcfile at entry=0x7ffff3745210 "misc.c", srcline=srcline at entry=140, 
    srcfunc=srcfunc at entry=0x7ffff3745320 <__FUNCTION__.7674> "_gcry_logv", is_fatal=is_fatal at entry=1, 
    description=description at entry=0x7ffff374525b "internal error (fatal or bug)") at fips.c:725
725     _gcry_fips_signal_error (const char *srcfile, int srcline, const char *srcfunc,
(gdb) step
732       fips_new_state (is_fatal? STATE_FATALERROR : STATE_ERROR);
(gdb) print is_fatal
$3 = 1
(gdb) step
fips_new_state (new_state=new_state at entry=STATE_FATALERROR) at fips.c:755
755     {
(gdb) next
759       lock_fsm ();
(gdb) step
lock_fsm () at fips.c:222
222     {
(gdb) 
225       err = ath_mutex_lock (&fsm_lock);
(gdb) print fsm_lock
$4 = (ath_mutex_t) 0xa8ce00
(gdb) x fsm_lock
0xa8ce00:       0x00000000
(gdb) x *fsm_lock
Attempt to dereference a generic pointer.
(gdb) step
_gcry_ath_mutex_lock (lock=lock at entry=0x7ffff397c2a8 <fsm_lock>) at ath.c:321
321       switch (thread_model)
(gdb) next
354           err = EINVAL;
(gdb) 
359     }
(gdb) 
lock_fsm () at fips.c:226
226       if (err)
(gdb) 
225       err = ath_mutex_lock (&fsm_lock);
(gdb) 
226       if (err)
(gdb) 
228           log_info ("FATAL: failed to acquire the FSM lock in libgrypt: %s\n",
(gdb) next
gcrypt-Message: FATAL: failed to acquire the FSM lock in libgrypt: Das Argument ist ungültig

231           syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
(gdb) next
235           abort ();
(gdb) next

Program received signal SIGABRT, Aborted.
0x00007ffff39b2107 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56      ../nptl/sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0  0x00007ffff39b2107 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff39b34e8 in __GI_abort () at abort.c:89
#2  0x00007ffff36addf4 in lock_fsm () at fips.c:235
#3  0x00007ffff36ae111 in fips_new_state (new_state=new_state at entry=STATE_FATALERROR) at fips.c:759
#4  0x00007ffff36ae62a in _gcry_fips_signal_error (srcfile=srcfile at entry=0x7ffff3745210 "misc.c", srcline=srcline at entry=140, 
    srcfunc=srcfunc at entry=0x7ffff3745320 <__FUNCTION__.7674> "_gcry_logv", is_fatal=is_fatal at entry=1, 
    description=description at entry=0x7ffff374525b "internal error (fatal or bug)") at fips.c:732
#5  0x00007ffff36ae70f in _gcry_fips_signal_error (srcfile=srcfile at entry=0x7ffff3745210 "misc.c", srcline=srcline at entry=140, 
    srcfunc=srcfunc at entry=0x7ffff3745320 <__FUNCTION__.7674> "_gcry_logv", is_fatal=is_fatal at entry=1, 
    description=description at entry=0x7ffff374525b "internal error (fatal or bug)") at fips.c:728
#6  0x00007ffff36a6f51 in _gcry_logv (level=level at entry=40, fmt=fmt at entry=0x7ffff3763008 "failed to create the RNG lock: %s\n", 
    arg_ptr=arg_ptr at entry=0x7fffe1083af0) at misc.c:140
#7  0x00007ffff36a7361 in _gcry_log_fatal (fmt=fmt at entry=0x7ffff3763008 "failed to create the RNG lock: %s\n") at misc.c:230
#8  0x00007ffff3739905 in basic_initialization () at random-fips.c:201
#9  0x00007ffff373a6c1 in _gcry_rngfips_initialize (full=1) at random-fips.c:746
#10 _gcry_rngfips_randomize (buffer=0xb38fd0, length=3, level=GCRY_STRONG_RANDOM) at random-fips.c:835
#11 0x00007ffff3737f00 in _gcry_random_bytes (nbytes=nbytes at entry=3, level=level at entry=GCRY_STRONG_RANDOM) at random.c:324
#12 0x00007ffff3742b0e in _gcry_mpi_randomize (w=0xb24790, nbits=nbits at entry=24, level=level at entry=GCRY_STRONG_RANDOM) at mpiutil.c:586
#13 0x00007ffff36a6995 in gcry_mpi_randomize (w=<optimized out>, nbits=nbits at entry=24, level=level at entry=GCRY_STRONG_RANDOM)
    at visibility.c:1317
#14 0x00007fffe9b92d83 in vnc_dh_gen_secret (dh=0xb10640) at ../../../src/dh.c:78
#15 0x00007fffe9ba2e72 in vnc_connection_perform_auth_ard (conn=<optimized out>) at ../../../src/vncconnection.c:3517
#16 vnc_connection_perform_auth (conn=<optimized out>) at ../../../src/vncconnection.c:4501
#17 vnc_connection_initialize (conn=<optimized out>) at ../../../src/vncconnection.c:4973
#18 vnc_connection_coroutine (opaque=0xa37810) at ../../../src/vncconnection.c:5186
#19 0x00007fffe9ba503b in coroutine_trampoline (cc=0xa33cb0) at ../../../src/coroutine_ucontext.c:55
#20 0x00007ffff39c2f60 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#21 0x0000000000a34078 in ?? ()
#22 0x0000000000000000 in ?? ()
(gdb) kill
Kill the program being debugged? (y or n) y





(gdb) 
(gdb) run
Starting program: /usr/bin/vinagre 192.168.56.3
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe35c6700 (LWP 5329)]
[New Thread 0x7fffe2509700 (LWP 5330)]
[New Thread 0x7fffe1d08700 (LWP 5331)]
[New Thread 0x7fffd3fff700 (LWP 5335)]
gcrypt-Message: out of core handler ignored in FIPS mode


Breakpoint 2, basic_initialization () at random-fips.c:195
195       if (initialized)
(gdb) bt
#0  basic_initialization () at random-fips.c:195
#1  0x00007ffff373a648 in _gcry_rngfips_initialize (full=0) at random-fips.c:746
#2  0x00007ffff36a812c in _gcry_vcontrol (cmd=0, arg_ptr=0x7ffff3d37c44 <default_mutexattr>, arg_ptr at entry=0x7fffffffd290) at global.c:473
#3  0x00007ffff36a4f89 in gcry_control (cmd=<optimized out>) at visibility.c:79
#4  0x00007ffff7bc21ff in ?? () from /usr/lib/x86_64-linux-gnu/libsecret-1.so.0
#5  0x00007ffff7baed15 in ?? () from /usr/lib/x86_64-linux-gnu/libsecret-1.so.0
#6  0x00007ffff7ba781e in ?? () from /usr/lib/x86_64-linux-gnu/libsecret-1.so.0
#7  0x00007ffff5bb2877 in g_simple_async_result_complete () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#8  0x00007ffff5bb28d9 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#9  0x00007ffff5627b6d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#10 0x00007ffff5627f48 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#11 0x00007ffff5628272 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007ffff7ba4b09 in secret_password_lookupv_sync () from /usr/lib/x86_64-linux-gnu/libsecret-1.so.0
#13 0x00007ffff7ba4cd2 in secret_password_lookup_sync () from /usr/lib/x86_64-linux-gnu/libsecret-1.so.0
#14 0x000000000041f11f in ?? ()
#15 0x0000000000426e52 in ?? ()
#16 0x00007ffff5900223 in g_cclosure_marshal_VOID__BOXEDv () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#17 0x00007ffff58fd474 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#18 0x00007ffff5917057 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#19 0x00007ffff59179af in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#20 0x00007ffff46a5855 in ?? () from /usr/lib/libgtk-vnc-2.0.so.0
#21 0x00007ffff5900223 in g_cclosure_marshal_VOID__BOXEDv () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#22 0x00007ffff58fd474 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#23 0x00007ffff5917057 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#24 0x00007ffff59179af in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#25 0x00007fffe9b9c78e in do_vnc_connection_emit_main_context (opaque=0x7fffe1083c00) at ../../../src/vncconnection.c:501
#26 0x00007ffff5627b6d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#27 0x00007ffff5627f48 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#28 0x00007ffff5627ffc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#29 0x00007ffff5be51bc in g_application_run () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#30 0x0000000000411555 in ?? ()
#31 0x00007ffff399eb45 in __libc_start_main (main=0x411480, argc=2, argv=0x7fffffffe0e8, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffe0d8) at libc-start.c:287
#32 0x0000000000411650 in ?? ()
(gdb) print initialized
$5 = 0
(gdb) 



$ mpicalc --print-config
version:1.6.2:
ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:idea:salsa20:gost28147:
pubkeys:dsa:elgamal:rsa:ecc:
digests:crc:gostr3411-94:md4:md5:rmd160:sha1:sha256:sha512:tiger:whirlpool:stribog:
rnd-mod:linux:
cpu-arch:x86:
mpi-asm:amd64/mpih-add1.S:amd64/mpih-sub1.S:amd64/mpih-mul1.S:amd64/mpih-mul2.S:amd64/mpih-mul3.S:amd64/mpih-lshift.S:amd64/mpih-rshift.S:
threads:none:
hwflist:
fips-mode:y:n:
rng-type:fips:2:


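The mail asks whether either of the two FIPS trigger files exists and then reads the `fips-mode:` line of `mpicalc --print-config`. As an added example (not part of the bug report or of libgcrypt), here is a small POSIX shell script that performs both checks: it looks at the kernel flag `/proc/sys/crypto/fips_enabled` (libgcrypt treats a leading `1` as enabled) and at the libgcrypt force file `/etc/gcrypt/fips_enabled` (its mere existence enables FIPS mode), and it extracts the first `fips-mode` flag from print-config style output. The file paths are parameters with those defaults so the functions can be exercised against constructed files; the function names are my own.

```shell
#!/bin/sh
# Added example: check the two triggers libgcrypt uses to enter FIPS mode,
# and read the fips-mode flag from `mpicalc --print-config` style output.
# Paths are parameters (defaults are the files named in the mail) so the
# functions can be run against test copies.

# Returns 0 if the kernel-wide flag file exists and starts with "1".
proc_fips_enabled() {
    f="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$f" ] || return 1
    read -r c < "$f" || c=""
    case "$c" in
        1*) return 0 ;;
        *)  return 1 ;;
    esac
}

# Returns 0 if the libgcrypt force file exists; its content is irrelevant,
# libgcrypt only tests for the file's presence.
etc_fips_enabled() {
    f="${1:-/etc/gcrypt/fips_enabled}"
    [ -e "$f" ]
}

# Prints which trigger is active: kernel, gcrypt-file, both, or none.
# $1 = kernel flag file, $2 = libgcrypt force file (both optional).
gcrypt_fips_state() {
    k=0; e=0
    proc_fips_enabled "$1" && k=1
    etc_fips_enabled "$2" && e=1
    if [ "$k" = 1 ] && [ "$e" = 1 ]; then echo both
    elif [ "$k" = 1 ]; then echo kernel
    elif [ "$e" = 1 ]; then echo gcrypt-file
    else echo none
    fi
}

# Reads print-config output on stdin and prints the first field of the
# "fips-mode:<enabled>:<enforced>:" line ("y" or "n"), or "unknown"
# when the line is absent.
config_fips_flag() {
    awk -F: '/^fips-mode:/ && !found { print $2; found = 1 }
             END { if (!found) print "unknown" }'
}

# Constructed sample, copied from the shape of the output in the mail.
sample_config='version:1.6.2:
threads:none:
fips-mode:y:n:
rng-type:fips:2:'

echo "FIPS trigger state on this host: $(gcrypt_fips_state)"
echo "fips-mode flag in sample config: $(printf '%s\n' "$sample_config" | config_fips_flag)"
```

When `mpicalc` is installed, `mpicalc --print-config | config_fips_flag` reads the live value; `rng-type:fips:...` in the same output is the other sign that the FIPS RNG path (`_gcry_rngfips_randomize`) rather than the CSPRNG path will be taken.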