0004459: nm-applet segfaults when conneting to a VPN provider

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

Project

Category

View Status

Date Submitted

Last Update

0004459

Kali Linux

[All Projects] General Bug

public

2018-01-08 19:59

2018-01-23 10:14

Reporter

pkreuzt

Assigned To

Priority

normal

Severity

major

Reproducibility

always

Status

resolved

Resolution

fixed

Product Version

2017.3

Target Version

Fixed in Version

2018.1

Summary

0004459: nm-applet segfaults when conneting to a VPN provider

Description

Once the VPN is selected, it asks for root password (I'm using a non-root account for normal operation) and then crashes. The VPN connection is not completed. When launching nm-applet from console to see errors it only says "segfault".

Steps To Reproduce

1. Configure a VPN
2. Click on nm-applet and select that VPN

Attached Files

a52ccb2fe170558fc0aab4dd1d15ba8808b10951.patch (2,628 bytes) 2018-01-23 10:00

From a52ccb2fe170558fc0aab4dd1d15ba8808b10951 Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
Date: Thu, 21 Dec 2017 20:36:48 +0100
Subject: shared/compat: fix memory handling of nm_setting_vpn_get_*_keys()

The previous fix was bad because the keys do not come from NMSettingVpn's hash
table but are copies that are freed by nm_setting_vpn_foreach_* before
it returns.

[thaller@redhat.com: import shared code from NetworkManager, merging
three patches together.]

Fixes: e93ca7fc129ec0f29f5313a3aa12839914df8fa2
Fixes: 0c90e08f77b71d2bda699cf032fceec0122bbf82

https://mail.gnome.org/archives/networkmanager-list/2017-December/msg00069.html
https://mail.gnome.org/archives/networkmanager-list/2017-December/msg00070.html
---
 shared/nm-utils/nm-compat.c | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/shared/nm-utils/nm-compat.c b/shared/nm-utils/nm-compat.c
index 47035e6..90328c0 100644
--- a/shared/nm-utils/nm-compat.c
+++ b/shared/nm-utils/nm-compat.c
@@ -30,7 +30,7 @@ _get_keys_cb (const char *key, const char *val, gpointer user_data)
 {
 	GPtrArray *a = user_data;
 
-	g_ptr_array_add (a, (gpointer) key);
+	g_ptr_array_add (a, g_strdup (key));
 }
 
 static const char **
@@ -40,22 +40,37 @@ _get_keys (NMSettingVpn *setting,
 {
 	guint len;
 	const char **keys = NULL;
-	gs_unref_ptrarray GPtrArray *a = NULL;
+	GPtrArray *a;
 
 	nm_assert (NM_IS_SETTING_VPN (setting));
 
-	a = g_ptr_array_new ();
+	if (is_secrets)
+		len = nm_setting_vpn_get_num_secrets (setting);
+	else
+		len = nm_setting_vpn_get_num_data_items (setting);
+
+	a = g_ptr_array_sized_new (len + 1);
+
 	if (is_secrets)
 		nm_setting_vpn_foreach_secret (setting, _get_keys_cb, a);
 	else
 		nm_setting_vpn_foreach_data_item (setting, _get_keys_cb, a);
-	len = a->len;
 
-	if (a->len) {
+	len = a->len;
+	if (len) {
 		g_ptr_array_sort (a, nm_strcmp_p);
 		g_ptr_array_add (a, NULL);
-		keys = (const char **) g_ptr_array_free (g_steal_pointer (&a), FALSE);
-	}
+		keys = g_memdup (a->pdata, a->len * sizeof (gpointer));
+
+		/* we need to cache the keys *somewhere*. */
+		g_object_set_qdata_full (G_OBJECT (setting),
+		                         is_secrets
+		                         ? NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_secret_keys")
+		                         : NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_data_keys"),
+		                         g_ptr_array_free (a, FALSE),
+		                         (GDestroyNotify) g_strfreev);
+	} else
+		g_ptr_array_free (a, TRUE);
 
 	NM_SET_OUT (out_length, len);
 	return keys;
-- 
cgit v0.12

a52ccb2fe170558fc0aab4dd1d15ba8808b10951.patch (2,628 bytes) 2018-01-23 10:00

Relationships

Relationships

Notes
~0007811 thegru (reporter) 2018-01-15 10:53	I'm also experiencing similar issue, but my VPN connection succeeds. nm-applet just disappears from process list and from status bar. Here's my backtrace: # * Error in `nm-applet': free(): invalid pointer: 0x000055c697082e80 * ======= Backtrace: ========= /lib/x86_64-linux-gnu/libc.so.6(+0x722fb)[0x7f04d6cd52fb] /lib/x86_64-linux-gnu/libc.so.6(+0x7895e)[0x7f04d6cdb95e] /lib/x86_64-linux-gnu/libc.so.6(+0x791be)[0x7f04d6cdc1be] /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_strfreev+0x29)[0x7f04d728f449] /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_datalist_clear+0x6b)[0x7f04d725245b] /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_unref+0x1a2)[0x7f04d754cea2] /lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x38e41)[0x7f04d725ce41] /usr/lib/x86_64-linux-gnu/libnm.so.0(+0x62187)[0x7f04d84ce187] /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_datalist_clear+0x6b)[0x7f04d725245b] /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0(g_object_unref+0x1a2)[0x7f04d754cea2] nm-applet(+0x1629c)[0x55c69542129c] nm-applet(+0x198fc)[0x55c6954248fc] /lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x47724)[0x7f04d726b724] /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x155)[0x7f04d726ee15] /lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x4b1e0)[0x7f04d726f1e0] /lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_iteration+0x2c)[0x7f04d726f26c] /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0(g_application_run+0x1fd)[0x7f04d782cbed] nm-applet(+0x101b1)[0x55c69541b1b1] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f04d6c83561] nm-applet(+0x102da)[0x55c69541b2da]

~0007818 sbrun (manager) 2018-01-15 13:53	related to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885525 (with a patch) and https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886152

~0007852 roadkill (reporter) 2018-01-23 10:00	This is an upstream bug, patch attached

~0007853 sbrun (manager) 2018-01-23 10:14	it's fixed in version 1.8.10-2 now in kali-rolling.

Notes

Date Modified	Username	Field	Change
Issue History
2018-01-08 19:59	pkreuzt	New Issue
2018-01-15 10:53	thegru	Note Added: 0007811
2018-01-15 13:53	sbrun	Status	new => confirmed
2018-01-15 13:53	sbrun	Note Added: 0007818
2018-01-23 10:00	roadkill	File Added: a52ccb2fe170558fc0aab4dd1d15ba8808b10951.patch
2018-01-23 10:00	roadkill	Note Added: 0007852
2018-01-23 10:14	sbrun	Status	confirmed => resolved
2018-01-23 10:14	sbrun	Resolution	open => fixed
2018-01-23 10:14	sbrun	Fixed in Version	=> 2018.1
2018-01-23 10:14	sbrun	Note Added: 0007853

Issue History