Bug#898448: Makes vinagre segfault on authentication failure

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Tue May 15 08:19:33 BST 2018 

Control: tags -1 patch

Hi Josh,

On  Mo 14 Mai 2018 19:43:42 CEST, Josh Triplett wrote:

> On Mon, May 14, 2018 at 01:49:57PM +0000, Mike Gabriel wrote:
>> HI Josh,
>>
>> On  Fr 11 Mai 2018 21:02:04 CEST, Josh Triplett wrote:
>>
>> > Package: libfreerdp2-2
>> > Version: 2.0.0~git20180411.1.7a7b1802+dfsg1-1
>> > Severity: important
>> >
>> > After upgrading libfreerdp2-2, authentication failures (mistyped
>> > password) started causing segfaults:
>> >
>> > May 11 11:41:29 jtriplet-mobl2 vinagre.desktop[9277]: [11:41:29:080]
>> > [9277:9277] [ERROR][com.freerdp.core] - freerdp_set_last_error
>> > ERRCONNECT_LOGON_FAILURE [0x00020014]
>> > May 11 11:41:29 jtriplet-mobl2 vinagre.desktop[9277]: [11:41:29:080]
>> > [9277:9277] [ERROR][com.freerdp.core.rdp] - rdp_recv_callback:
>> > CONNECTION_STATE_NLA - nla_recv_pdu() fail
>> > May 11 11:41:29 jtriplet-mobl2 vinagre.desktop[9277]: [11:41:29:080]
>> > [9277:9277] [ERROR][com.freerdp.core.transport] - transport_check_fds:
>> > transport->ReceiveCallback() - -1
>> > May 11 11:41:29 jtriplet-mobl2 kernel: vinagre[9277]: segfault at 9 ip
>> > 00007fbc84bf6ab0 sp 00007ffc05377a40 error 4 in
>> > libfreerdp2.so.2.0.0[7fbc84b1c000+137000]
>> >
>>
>> I contacted one of the upstream authors on this.
>>
>> Can you provide a gdb backtrace ("bt full") to get some more insight what
>> happens to vinagre?
>
> Sure. I can easily reproduce this, just by entering an incorrect
> username and password.
>
> Thread 1 "vinagre" received signal SIGSEGV, Segmentation fault.
> clear_context_free (clear=0x1) at ./libfreerdp/codec/clear.c:1216
> 1216	./libfreerdp/codec/clear.c: No such file or directory.
> (gdb) bt full
> #0  0x00007ffff528bab0 in clear_context_free (clear=0x1) at  
> ./libfreerdp/codec/clear.c:1216
>         clear = 0x1
> #1  0x00007ffff522a9cd in codecs_free (codecs=0x555555dd62b0) at  
> ./libfreerdp/core/codecs.c:213
> #2  0x00007ffff5224c77 in freerdp_disconnect  
> (instance=0x555555d14d00) at ./libfreerdp/core/freerdp.c:508
>         rc = 1
>         rdp = <optimized out>
> #3  0x0000555555584769 in vinagre_rdp_tab_dispose  
> (object=0x555555cfe920) at plugins/rdp/vinagre-rdp-tab.c:182
>         rdp_tab = 0x555555cfe920
>         priv = 0x555555cfe730
> #4  0x00007ffff5be1e03 in g_object_unref () at  
> /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
> #5  0x00007ffff6b5da39 in gtk_container_remove () at  
> /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
> #6  0x0000555555570748 in vinagre_notebook_close_tab  
> (nb=0x555555b06230, tab=0x555555cfe920) at  
> vinagre/vinagre-notebook.c:697
>         position = 0
>         notebook = 0x555555b06230
>         previous_active_tab = 0x555555cfe920
>         __func__ = "vinagre_notebook_close_tab"
> #7  0x0000555555583074 in idle_close (tab=0x555555cfe920) at  
> plugins/rdp/vinagre-rdp-tab.c:272
> #8  0x00007ffff59030f5 in g_main_context_dispatch () at  
> /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
> #9  0x00007ffff59034c0 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
> #10 0x00007ffff590354c in g_main_context_iteration () at  
> /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
> #11 0x00007ffff5ec3cdd in g_application_run () at  
> /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
> #12 0x00005555555655cf in main (argc=1, argv=0x7fffffffdf68) at  
> vinagre/vinagre-main.c:196
>         app = 0x5555557e91a0
>         res = <optimized out>
>

Is it possible for you to patch freerdp2 with this [1] patch and check  
if the issue is gone then?

Thanks,
Mike

[1] https://github.com/FreeRDP/FreeRDP/pull/4648/files
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: Digitale PGP-Signatur
URL: <http://alioth-lists.debian.net/pipermail/pkg-remote-team/attachments/20180515/990c92aa/attachment.sig>

More information about the pkg-remote-team mailing list