Bug 217335 - gaim jabber cyrus-sasl-md5 crash
gaim jabber cyrus-sasl-md5 crash
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: gaim (Show other bugs)
5.0
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Warren Togami
:
: 217026 218061 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-27 00:56 EST by Devrim GUNDUZ
Modified: 2007-11-30 17:07 EST (History)
10 users (show)

See Also:
Fixed In Version: RC
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-07 19:55:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Full gdb backtrace of the crash (7.16 KB, application/octet-stream)
2006-11-27 00:56 EST, Devrim GUNDUZ
no flags Details
Gaim2 beta5 crash - gdb backtrace with debug packages installed (12.66 KB, application/octet-stream)
2006-11-27 15:03 EST, Devrim GUNDUZ
no flags Details
Gaim2 beta5 crash - gdb backtrace with debug packages installed #2 (5.68 KB, application/text)
2006-11-27 16:02 EST, Devrim GUNDUZ
no flags Details
gaim-sasl-md5-crash.txt (4.35 KB, text/plain)
2006-11-27 17:59 EST, Warren Togami
no flags Details
gaim jabber login transaction log (2.84 KB, text/plain)
2006-11-28 14:04 EST, Curt Moore
no flags Details

  None (edit)
Description Devrim GUNDUZ 2006-11-27 00:56:24 EST
Description of problem:
Gaim beta5 crashes. When we update to gaim to latest beta in Fedora Core 6,
cyrus-sasl-md5-2.1.22-4 is installed for dependeny. When gaim is started, it
crashes. As far as I can see from the backtrace, it is the cyrus-sasl-md5 that
causes the problem. This is x86 using kernel-2.6.18-1.2849.fc6, and all the
updates are applied.

Version-Release number of selected component (if applicable):
gaim-2.0.0-0.22.beta5
cyrus-sasl-md5-2.1.22-4

How reproducible:
Always

Steps to Reproduce:
1. Update to gaim-2.0.0-0.22.beta5
2. Start gaim
  
Actual results:
Gaim crashes.

Expected results:
It should not crash :)
Comment 1 Devrim GUNDUZ 2006-11-27 00:56:24 EST
Created attachment 142158 [details]
Full gdb backtrace of the crash
Comment 2 Warren Togami 2006-11-27 01:26:52 EST
gaim-debuginfo
cyrus-sasl-debuginfo

Please install these debuginfo packages then get another backtrace.
Comment 3 Devrim GUNDUZ 2006-11-27 15:03:29 EST
Created attachment 142216 [details]
Gaim2 beta5 crash - gdb backtrace with debug packages installed

Hello,

$ rpm -qv gaim-debuginfo cyrus-sasl-debuginfo 
gaim-debuginfo-2.0.0-0.22.beta5
cyrus-sasl-debuginfo-2.1.22-4
Comment 4 Warren Togami 2006-11-27 15:35:34 EST
It appears that your gaim-debuginfo doesn't match the gaim package version?

Another question, if you "rpm -e cyrus-sasl-md5 --nodeps" then restart gaim,
does it work without crashing?

This appears to be a bug in either gaim or cyrus-sasl's md5 plugin.  Adding nalin.
Comment 5 Warren Togami 2006-11-27 15:37:29 EST
Another question, what jabber server are you connecting to?  Is it available to
the public?
Comment 6 Devrim GUNDUZ 2006-11-27 15:40:43 EST
Hello,
(In reply to comment #5)
> Another question, what jabber server are you connecting to?  Is it available to
> the public?
Some of them are public; some of them are not.
I have an jabber.org account. Also there is a gmail.com account. In addition to
these, I have 4 other non-public OSS-related jabber servers.

Regards, Devrim
Comment 7 Warren Togami 2006-11-27 15:47:15 EST
I use gmail.com jabber with seemingly no problem.

Could you please disable the various jabber accounts to see if any server in
particular triggers this problem?
Comment 8 Devrim GUNDUZ 2006-11-27 16:02:40 EST
Created attachment 142225 [details]
Gaim2 beta5 crash - gdb backtrace with debug packages installed #2

This is the new backtrace
Comment 9 Devrim GUNDUZ 2006-11-27 16:07:09 EST
Hello,

(In reply to comment #4)
> It appears that your gaim-debuginfo doesn't match the gaim package version?

I could find only beta3 debuginfo in repo. So, I built mine using the SRPM of
beta5. They should be identical. But it seems I used i386 gaim and i686
debuginfo. Ok, I attached another one again a few mins before.
 
> Another question, if you "rpm -e cyrus-sasl-md5 --nodeps" then restart gaim,
> does it work without crashing?

That made it. Gaim is running perfectly now.

> This appears to be a bug in either gaim or cyrus-sasl's md5 plugin.  Adding 
> nalin.

Thanks.

Regards, Devrim
Comment 10 Warren Togami 2006-11-27 16:08:18 EST
gaim jabber cyrus-sasl-md5 crash
Comment 11 Warren Togami 2006-11-27 16:25:19 EST
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400002
Equivalent bug at Debian
Comment 12 Warren Togami 2006-11-27 16:49:18 EST
Could someone please find a public Jabber server that exhibits this problem?
Comment 13 Devrim GUNDUZ 2006-11-27 17:17:17 EST
BTW... I'm not sure but the crash may happen when we connect to the jabber
servers that we force old SSL. This may help you. 
Comment 14 Warren Togami 2006-11-27 17:59:35 EST
Created attachment 142241 [details]
gaim-sasl-md5-crash.txt

gaim-2.0.0-0.22.beta5.fc6
cyrus-sasl-md5-2.1.22-4 (rebuilt with -O0)

Backtrace gives a little more detail.
Comment 15 Nalin Dahyabhai 2006-11-27 18:19:49 EST
The plugin is zeroing out the "clientout" and "clientoutlen" values passed in by
the calling application (see sasl_client_step(3) for more), but gaim is passing
in NULL for their locations.
Comment 16 Mark Doliner 2006-11-28 02:11:10 EST
I just made a change to Gaim SVN that should fix this.  Nalin, thanks for
digging through the backtrace for us.

Here's a diff:
http://svn.sourceforge.net/viewvc/gaim/trunk/libgaim/protocols/jabber/auth.c?r1=17834&r2=17833&view=patch&pathrev=17834
Comment 17 Warren Togami 2006-11-28 10:33:10 EST
*** Bug 217026 has been marked as a duplicate of this bug. ***
Comment 18 Warren Togami 2006-11-28 10:44:18 EST
ari wrote this patch that is a bit different for Debian.
http://svn.debian.org/wsvn/pkg-gnome/packages/unstable/gaim/debian/patches/09_jabber-sasl-crash.patch?op=file&rev=0&sc=0

Which solution is going to be upstream?
Comment 19 Warren Togami 2006-11-28 12:23:38 EST
ari indicated that the upstream svn patch prevents the crash, but login does not
work.  ari's patch is uncertain to be correct either.  It would be very helpful
if a cyrus-sasl expert could look at this.
Comment 20 Nalin Dahyabhai 2006-11-28 12:32:18 EST
Warren, please remember that I don't have a server to test against here, either.
 In what way does login not work?  Do you mean authentication fails, or does
something go wrong immediately after authentication succeeds, or does this cause
a problem with the LOGIN mechanism?
Comment 21 Curt Moore 2006-11-28 14:03:21 EST
I'm seeing the same behavior here when using old SSL.  To add to Warren's
comments, there is something else not quite right here with cyrus-sasl in
addition to what was fixed in the patch in comment #16 which causes gaim to no
longer segfault due to the NULL values.

For me, the login tries to proceed but gaim complains about an invalid response
from the jabber server.  I've attached the gaim debug output from a login
attempt, gaim_jabber_old_ssl_log.txt.

If need be, I can create some demo accounts on my jabber server for testing; I'm
running Wildfire 3.1.1.
Comment 22 Curt Moore 2006-11-28 14:04:31 EST
Created attachment 142317 [details]
gaim jabber login transaction log
Comment 23 Warren Togami 2006-11-28 17:12:22 EST
gaim has two different code paths for jabber authentication with either PLAIN or
MD5.  If gaim is built without cyrus-sasl, it uses an internal implementation
for PLAIN and MD5 which is known to work fine.  However, if you build with
cyrus-sasl, it only uses plugins that are installed for cyrus-sasl. 
cyrus-sasl-plain seems to work fine, as Fedora gaim has been using this for a
while now with cyrus-sasl-plain in a default install.  It seems that the other
methods like SASL MD5 never did work in gaim, and we haven't hit it often before
because nothing pulled in cyrus-sasl-md5 as a dependency.

SASL handling in gaim's jabber plugin seems to be either incomplete or just
plain wrong.  The challenge/response sequence when doing md5 is different than
the internal md5 implementation in gaim.  gaim upstream is not sure who wrote
this code, and nobody seems to understand cyrus-sasl in order to fix it with
certainty.

The simple workaround would be to disable building against cyrus-sasl, however
then we would lose the ability to use jabber with kerberos authentication.
Comment 24 RHEL Product and Program Management 2006-11-28 17:30:31 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 25 Warren Togami 2006-12-01 12:37:44 EST
*** Bug 218061 has been marked as a duplicate of this bug. ***
Comment 26 Rob K 2006-12-04 16:27:33 EST
For a Jabber server to test on - try talk.google.com.
Comment 27 Warren Togami 2006-12-05 15:42:24 EST
faceprint upstream implemented a fix for this.  This is building in -0.26
currently.  We will be able to test it soon.
Comment 28 Julian Yap 2006-12-06 21:39:02 EST
Fix is now in Fedora Core 6.

Works for me.

Great work!
Comment 29 Jay Turner 2007-01-10 21:39:58 EST
QE ack for RHEL5.
Comment 30 RHEL Product and Program Management 2007-02-07 19:55:04 EST
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.

Note You need to log in before you can comment on or make changes to this bug.