View Issue Details

ID: 0004459
Project: Kali Linux
Category: General Bug
View Status: public
Last Update: 2018-01-23 10:14
Reporter: pkreuzt
Assigned To:
Priority: normal
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 2017.3
Fixed in Version: 2018.1
Summary: 0004459: nm-applet segfaults when connecting to a VPN provider
Description

Once the VPN is selected, it asks for root password (I'm using a non-root account for normal operation) and then crashes. The VPN connection is not completed. When launching nm-applet from console to see errors it only says "segfault".

Steps To Reproduce
  1. Configure a VPN
  2. Click on nm-applet and select that VPN
Activities

thegru

2018-01-15 10:53

reporter   ~0007811

I'm also experiencing a similar issue, but my VPN connection succeeds. nm-applet just disappears from the process list and from the status bar.

Here's my backtrace:

Error in `nm-applet': free(): invalid pointer: 0x000055c697082e80

======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x722fb)[0x7f04d6cd52fb]
/lib/x86_64-linux-gnu/libc.so.6(+0x7895e)[0x7f04d6cdb95e]
/lib/x86_64-linux-gnu/libc.so.6(+0x791be)[0x7f04d6cdc1be]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_strfreev+0x29)[0x7f04d728f449]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_datalist_clear+0x6b)[0x7f04d725245b]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_unref+0x1a2)[0x7f04d754cea2]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x38e41)[0x7f04d725ce41]
/usr/lib/x86_64-linux-gnu/libnm.so.0(+0x62187)[0x7f04d84ce187]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_datalist_clear+0x6b)[0x7f04d725245b]
/usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_unref+0x1a2)[0x7f04d754cea2]
nm-applet(+0x1629c)[0x55c69542129c]
nm-applet(+0x198fc)[0x55c6954248fc]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x47724)[0x7f04d726b724]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x155)[0x7f04d726ee15]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x4b1e0)[0x7f04d726f1e0]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7f04d726f26c]
/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0(g_application_run+0x1fd)[0x7f04d782cbed]
nm-applet(+0x101b1)[0x55c69541b1b1]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f04d6c83561]
nm-applet(+0x102da)[0x55c69541b2da]

sbrun

2018-01-15 13:53

manager   ~0007818

related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885525 (with a patch)
and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886152

roadkill

2018-01-23 10:00

reporter   ~0007852

This is an upstream bug, patch attached

a52ccb2fe170558fc0aab4dd1d15ba8808b10951.patch (2,628 bytes)   
From a52ccb2fe170558fc0aab4dd1d15ba8808b10951 Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <[email protected]>
Date: Thu, 21 Dec 2017 20:36:48 +0100
Subject: shared/compat: fix memory handling of nm_setting_vpn_get_*_keys()

The previous fix was bad because the keys do not come from NMSettingVpn's hash
table but are copies that are freed by nm_setting_vpn_foreach_* before
it returns.

[[email protected]: import shared code from NetworkManager, merging
three patches together.]

Fixes: e93ca7fc129ec0f29f5313a3aa12839914df8fa2
Fixes: 0c90e08f77b71d2bda699cf032fceec0122bbf82

https://mail.gnome.org/archives/networkmanager-list/2017-December/msg00069.html
https://mail.gnome.org/archives/networkmanager-list/2017-December/msg00070.html
---
 shared/nm-utils/nm-compat.c | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/shared/nm-utils/nm-compat.c b/shared/nm-utils/nm-compat.c
index 47035e6..90328c0 100644
--- a/shared/nm-utils/nm-compat.c
+++ b/shared/nm-utils/nm-compat.c
@@ -30,7 +30,7 @@ _get_keys_cb (const char *key, const char *val, gpointer user_data)
 {
 	GPtrArray *a = user_data;
 
-	g_ptr_array_add (a, (gpointer) key);
+	g_ptr_array_add (a, g_strdup (key));
 }
 
 static const char **
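Review bot: At `g_ptr_array_add (a, g_strdup (key));` the array starts owning heap copies, but nothing in `_get_keys_cb` says so, and the array in `_get_keys` is created without an element free function. A short comment on this line stating that each element is an owned copy (the key passed in is freed by nm_setting_vpn_foreach_* before it returns, per the commit message) and that `_get_keys` is responsible for releasing them would keep a later change from reverting to the borrowed pointer or adding a second free.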
@@ -40,22 +40,37 @@ _get_keys (NMSettingVpn *setting,
 {
 	guint len;
 	const char **keys = NULL;
-	gs_unref_ptrarray GPtrArray *a = NULL;
+	GPtrArray *a;
 
 	nm_assert (NM_IS_SETTING_VPN (setting));
 
-	a = g_ptr_array_new ();
+	if (is_secrets)
+		len = nm_setting_vpn_get_num_secrets (setting);
+	else
+		len = nm_setting_vpn_get_num_data_items (setting);
+
+	a = g_ptr_array_sized_new (len + 1);
+
 	if (is_secrets)
 		nm_setting_vpn_foreach_secret (setting, _get_keys_cb, a);
 	else
 		nm_setting_vpn_foreach_data_item (setting, _get_keys_cb, a);
-	len = a->len;
 
-	if (a->len) {
+	len = a->len;
+	if (len) {
 		g_ptr_array_sort (a, nm_strcmp_p);
 		g_ptr_array_add (a, NULL);
-		keys = (const char **) g_ptr_array_free (g_steal_pointer (&a), FALSE);
-	}
+		keys = g_memdup (a->pdata, a->len * sizeof (gpointer));
+
+		/* we need to cache the keys *somewhere*. */
+		g_object_set_qdata_full (G_OBJECT (setting),
+		                         is_secrets
+		                         ? NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_secret_keys")
+		                         : NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_data_keys"),
+		                         g_ptr_array_free (a, FALSE),
+		                         (GDestroyNotify) g_strfreev);
+	} else
+		g_ptr_array_free (a, TRUE);
 
 	NM_SET_OUT (out_length, len);
 	return keys;
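Review bot: The array returned from `keys = g_memdup (a->pdata, a->len * sizeof (gpointer));` is a shallow copy, so its strings are the same ones handed to `g_object_set_qdata_full` with `g_strfreev` as the destroy function. Setting qdata again under the same quark releases the previous value, so a second `_get_keys` call for the same setting and `is_secrets` value frees the strings an earlier caller may still hold, as does destroying the setting. Please document above `_get_keys` that the caller frees only the container and that the strings stay valid only until the next call or until the setting is finalized. The `} else` branch would also read better with braces to match the braced `if` body.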
-- 
cgit v0.12
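The ownership rule the commit message describes (the iterator frees each key before it returns, so the collector must keep its own copy), as an added example in plain C that is not part of the original report or of NetworkManager. It uses no GLib; foreach_key, collect_borrowed, collect_owned, get_keys and free_keys are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

typedef void (*key_cb)(const char *key, void *user_data);
struct key_list { char **v; size_t len; };

char *dup_key(const char *s) {
    size_t sz = strlen(s) + 1;
    char *copy = malloc(sz);
    return copy ? memcpy(copy, s, sz) : NULL;
}

/* Hypothetical stand-in for nm_setting_vpn_foreach_*(): each key handed to
 * the callback is a temporary copy that is freed before the call returns. */
void foreach_key(const char *const *stored, size_t n, key_cb cb, void *ud) {
    for (size_t i = 0; i < n; i++) {
        char *tmp = dup_key(stored[i]);
        if (!tmp) return;
        cb(tmp, ud);
        free(tmp);              /* the callback's pointer is dead from here */
    }
}

/* Pre-patch pattern: keeps the borrowed pointer, so the list holds freed
 * memory once foreach_key() returns. Shown for contrast, never called. */
void collect_borrowed(const char *key, void *ud) {
    struct key_list *l = ud;
    l->v[l->len++] = (char *) key;
}

/* Patched pattern: the list stores its own copy and owns it. */
void collect_owned(const char *key, void *ud) {
    struct key_list *l = ud;
    char *copy = dup_key(key);
    if (copy) l->v[l->len++] = copy;
}

/* Returns a NULL-terminated list the caller releases with free_keys(). */
char **get_keys(const char *const *stored, size_t n, size_t *out_len) {
    struct key_list l = { calloc(n + 1, sizeof(char *)), 0 };
    if (l.v) foreach_key(stored, n, collect_owned, &l);
    *out_len = l.len;
    return l.v;
}

void free_keys(char **keys) {
    for (char **p = keys; p && *p; p++) free(*p);
    free(keys);
}
```

Swapping collect_owned for collect_borrowed in get_keys() reproduces the class of failure in the backtrace above when run under AddressSanitizer or Valgrind: free_keys() then releases pointers the iterator has already freed.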

sbrun

2018-01-23 10:14

manager   ~0007853

it's fixed in version 1.8.10-2 now in kali-rolling.

Issue History

Date Modified Username Field Change
2018-01-08 19:59 pkreuzt New Issue
2018-01-15 10:53 thegru Note Added: 0007811
2018-01-15 13:53 sbrun Status new => confirmed
2018-01-15 13:53 sbrun Note Added: 0007818
2018-01-23 10:00 roadkill File Added: a52ccb2fe170558fc0aab4dd1d15ba8808b10951.patch
2018-01-23 10:00 roadkill Note Added: 0007852
2018-01-23 10:14 sbrun Status confirmed => resolved
2018-01-23 10:14 sbrun Resolution open => fixed
2018-01-23 10:14 sbrun Fixed in Version => 2018.1
2018-01-23 10:14 sbrun Note Added: 0007853