Bug 749895
| Field | Value |
|---|---|
| Summary | [abrt] bitlbee-3.0.3-5.fc15: PR_Close: signal 11 (SIGSEGV) [@ ssl-nss.c] |
| Product | [Fedora] Fedora |
| Reporter | Adam Williamson <awilliam> |
| Component | bitlbee |
| Assignee | Robert Scheck <redhat-bugzilla> |
| Status | CLOSED WONTFIX |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| Severity | unspecified |
| Docs Contact | |
| Priority | unspecified |
| Version | 15 |
| CC | emaldona, kdudka, mcepl, mcepl, redhat-bugzilla, rrelyea |
| Target Milestone | --- |
| Target Release | --- |
| Hardware | x86_64 |
| OS | Unspecified |
| Whiteboard | abrt_hash:185a53490c386f0175c3ecc2ff78147b07c213a5 |
| Fixed In Version | |
| Doc Type | Bug Fix |
| Doc Text | |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2012-08-07 18:09:38 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Attachments | |
Description

Adam Williamson
2011-10-28 19:43:25 UTC

This crash is happening over and over for me, it's pretty frustrating. Might be upstream http://bugs.bitlbee.org/bitlbee/ticket/790 ?

Upstream thinks this is likely due to us using nss rather than gnutls; they recommend gnutls as better. I'll try rebuilding with gnutls soonish.

Elio, do you see what I do wrong here? http://code.bitlbee.org/lh/bitlbee/annotate/head:/lib/ssl_nss.c Thank you

Nothing strikes me as wrong. Let me add other folks wiser than me on ssl matters.

Ah, the problem is quite obvious. The bitlbee NSS wrapper code does very little error checking. In ssl_connected, it doesn't check to see if the PR_Import succeeded, for instance. But the immediate source of the crash is available from the stack traceback:

```
#0 PR_Close (fd=0x0) at ../../../mozilla/nsprpub/pr/src/io/priometh.c:136
136 return (fd->methods->close)(fd);

Thread 1 (Thread 0x7fc236066720 (LWP 24783)):
#0 PR_Close (fd=0x0) at ../../../mozilla/nsprpub/pr/src/io/priometh.c:136
No locals.
#1 0x000000000042a371 in ssl_connected (data=0x8d4140, source=-1, cond=B_EV_IO_READ) at ssl_nss.c:187
```

Clearly calling PR_Close with a NULL pointer is wrong. An inspection of ssl_connected shows the obvious problem. At line 160 we fail the function if source is -1 (which we can see it is from the stack traceback). We then proceed to try to close the NSPR file descriptor, but we only set the file descriptor at line 166, which, of course, we skipped. The fix for the immediate problem is to verify that the file descriptor is not null before calling PR_Close (just like the equivalent check for the socket descriptor in the line below). Whether or not a similar check is needed in ssl_disconnect() depends on whether or not you need to call ssl_connected() before you can call ssl_disconnect, but prudence would suggest placing that protection. ssl_connect should be reviewed as well. Just looking at the code I see the following issues:

1) PR_ImportFD is not checked for failure. I suspect that it can only fail on an out of memory situation, but I don't think the code should rely on that (note, I see no out of memory checks in this code).

2) ssl_connect returns FALSE whether or not it succeeds. Clearly that's wrong (though it's not clear if it should return TRUE or FALSE on success; I suspect the latter, if only because the code would not work at all if not). Once you fix the PR_Close issue, you are likely to run into this one, as on failure it clearly clobbers the connection structure, which will likely do Bad Things(TM) when the next level of the application tries to use it.

bob

Created attachment 593599: suggested patch

After a lot of research I have applied just your suggested changes.
According to the upstream maintainer, ssl_connected should always return FALSE.
The whole file in its latest form is available at https://gitorious.org/bitlbee/bitlbee/blobs/nss/lib/ssl_nss.c. Please comment on the patch.

That patch looks good to me, Matej.

bob

This message is a notice that Fedora 15 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 15. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At this time, all open bugs with a Fedora 'version' of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advance warning of this occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, feel free to reopen this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that we were unable to fix it before Fedora 15 reached end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" (top right of this page) and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
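As an added illustration of the fix described in the analysis signed "bob" above (this is neither bitlbee's ssl_nss.c nor the attached patch), here is a stand-alone C model of the failing ssl_connected() path with the NULL check before PR_Close and the PR_ImportFD failure check applied. The PRFileDesc, PR_ImportFD and PR_Close stand-ins and the struct ssl_conn layout are assumptions that only mimic the shapes named in the backtrace.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Stand-ins for the NSPR types named in the report (not the real NSPR API):
 * PR_Close reaches close() through a method table, which is exactly the
 * dereference that faulted in the trace when fd was NULL. */
typedef struct PRFileDesc PRFileDesc;
typedef struct { int (*close)(PRFileDesc *); } PRIOMethods;
struct PRFileDesc { const PRIOMethods *methods; int osfd; };

static int fake_close(PRFileDesc *fd) { free(fd); return 0; }
static const PRIOMethods fake_methods = { fake_close };

/* PR_ImportFD stand-in: may return NULL (the real one can, e.g. out of memory). */
static PRFileDesc *fake_ImportFD(int osfd) {
    PRFileDesc *fd = malloc(sizeof *fd);
    if (fd) { fd->methods = &fake_methods; fd->osfd = osfd; }
    return fd;
}
/* Like NSPR's PR_Close: no NULL check, so the caller must supply one. */
static int fake_PR_Close(PRFileDesc *fd) { return fd->methods->close(fd); }

static int sockets_closed;   /* counts closesocket() stand-in calls, for checking */

struct ssl_conn { int fd; PRFileDesc *prfd; bool established; };

/* Modeled on the failing ssl_connected() path: the original jumped to its
 * cleanup on source == -1 before prfd was ever set, then called PR_Close(NULL).
 * This version checks the import result and the pointer before closing, and
 * always returns false, as the upstream maintainer says ssl_connected should. */
static bool ssl_connected_hardened(struct ssl_conn *conn, int source) {
    if (source == -1)
        goto fail;                       /* connect failed; nothing imported yet */
    conn->fd = source;
    conn->prfd = fake_ImportFD(source);
    if (conn->prfd == NULL)              /* previously unchecked */
        goto fail;
    conn->established = true;
    return false;
fail:
    if (conn->prfd != NULL) {            /* the missing NULL check */
        fake_PR_Close(conn->prfd);
        conn->prfd = NULL;
    }
    if (conn->fd >= 0) {                 /* same guard the socket fd already had */
        sockets_closed++;
        conn->fd = -1;
    }
    return false;
}
```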