[
https://issues.apache.org/jira/browse/GUACAMOLE-467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nick Couchman closed GUACAMOLE-467.
-----------------------------------
Resolution: Invalid
> Rare segfault when joining SSH session
> --------------------------------------
>
> Key: GUACAMOLE-467
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-467
> Project: Guacamole
> Issue Type: Bug
> Components: guacd, SSH
> Affects Versions: 0.9.13-incubating
> Reporter: Or Cohen
> Priority: Minor
>
> A rare segfault, essentially a race-condition, when joining a user to an
> existing connection.
> On our system, users (non-owners) are being connected automatically as soon
> as the owner creates a new connection.
> There's a slight window between the {{ready}} instruction and
> {{ssh_client->term}} still being NULL, during which other users can join the
> connection with the connection ID. In that case, they are sent to
> {{guac_terminal_dup()}} with a NULL term.
> To reproduce (not very easy):
> 1. Create a new connection (owner).
> 2. Use the connection ID ASAP with a new connection and {{select}}
> instruction.
> I was thinking about a solution here, something that should be "safer" than
> checking if term is NULL in the long term, i.e. something that should be
> future-proof in case there are more potential race-conditions like this. I
> was wondering if (at {{guac_client_add_user()}}) placing the join handler
> inside the rwlock would be a proper fix as well, albeit not the best place
> naming-wise.
> {noformat}
> $ gdb /usr/local/sbin/guacd core
> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-100.el7
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/local/sbin/guacd...done.
> [New LWP 38]
> [New LWP 32]
> [New LWP 33]
> [New LWP 29]
> [New LWP 34]
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Core was generated by `guacd -fb 0.0.0.0'.
> Program terminated with signal 11, Segmentation fault.
> #0 0x00007f3c02612656 in guac_terminal_repaint_default_layer (terminal=0x0,
> socket=0x7f3bec0008c0) at terminal.c:204
> 204 int width = terminal->width;
> Missing separate debuginfos, use: debuginfo-install cairo-1.14.8-2.el7.x86_64
> expat-2.1.0-10.el7_3.x86_64 fontconfig-2.10.95-11.el7.x86_64
> freetype-2.4.11-15.el7.x86_64 glib2-2.50.3-3.el7.x86_64
> glibc-2.17-196.el7_4.2.x86_64 graphite2-1.3.10-1.el7_3.x86_64
> harfbuzz-1.3.2-1.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64
> krb5-libs-1.15.1-8.el7.x86_64 libX11-1.6.5-1.el7.x86_64
> libXau-1.0.8-2.1.el7.x86_64 libXdamage-1.1.4-4.1.el7.x86_64
> libXext-1.3.3-3.el7.x86_64 libXfixes-5.0.3-1.el7.x86_64
> libXrender-0.9.10-1.el7.x86_64 libXxf86vm-1.1.4-1.el7.x86_64
> libcom_err-1.42.9-10.el7.x86_64 libdrm-2.4.74-1.el7.x86_64
> libffi-3.0.13-18.el7.x86_64 libgcc-4.8.5-16.el7_4.1.x86_64
> libjpeg-turbo-1.2.90-5.el7.x86_64 libogg-1.3.0-7.el7.x86_64
> libpng-1.5.13-7.el7_2.x86_64 libselinux-2.5-11.el7.x86_64
> libssh2-1.4.3-10.el7_2.1.x86_64 libthai-0.1.14-9.el7.x86_64
> libvorbis-1.3.3-8.el7.x86_64 libwebp-0.3.0-7.el7.x86_64
> libxcb-1.12-1.el7.x86_64 libxshmfence-1.2-1.el7.x86_64
> mesa-libEGL-17.0.1-6.20170307.el7.x86_64
> mesa-libGL-17.0.1-6.20170307.el7.x86_64
> mesa-libgbm-17.0.1-6.20170307.el7.x86_64
> mesa-libglapi-17.0.1-6.20170307.el7.x86_64 openssl-libs-1.0.2k-8.el7.x86_64
> pango-1.40.4-1.el7.x86_64 pcre-8.32-17.el7.x86_64 pixman-0.34.0-1.el7.x86_64
> uuid-1.6.2-26.el7.x86_64 zlib-1.2.7-17.el7.x86_64
> (gdb) bt
> #0 0x00007f3c02612656 in guac_terminal_repaint_default_layer (terminal=0x0,
> socket=0x7f3bec0008c0) at terminal.c:204
> #1 0x00007f3c02615e4e in guac_terminal_dup (term=0x0, user=0x7f3bec0029a0,
> socket=0x7f3bec0008c0) at terminal.c:1969
> #2 0x00007f3c0260778e in guac_ssh_user_join_handler (user=0x7f3bec0029a0,
> argc=18, argv=0x7f3bec0048e0) at user.c:74
> #3 0x00007f3c0a2d6e66 in guac_client_add_user (client=0x7f3bfc00ac40,
> user=0x7f3bec0029a0, argc=18, argv=0x7f3bec0048e0) at client.c:285
> #4 0x0000000000405bd8 in guacd_handle_user (user=0x7f3bec0029a0) at
> user.c:289
> #5 0x0000000000404cca in guacd_user_thread (data=0x7f3bfc01cde0) at proc.c:95
> #6 0x00007f3c09913e25 in start_thread () at /lib64/libpthread.so.0
> #7 0x00007f3c088e134d in clone () at /lib64/libc.so.6
> (gdb)
> {noformat}
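The NULL-term race described in the report, as an added C example that is not guacd's code and does not use Guacamole's API: instead of the rwlock placement the reporter suggests, it has the joining side wait on a mutex/condition variable until the owner publishes the terminal or the connection fails, so the dup path is never handed a NULL term. The names client_t, client_init, client_publish_term, client_join and fake_term are hypothetical stand-ins for this illustration.

```c
#include <pthread.h>
#include <unistd.h>

/* Hypothetical stand-in for the per-connection state shared between the owner
   and later joiners; not guacd's real guac_client or ssh_client structs. */
typedef struct {
    pthread_mutex_t lock;
    pthread_cond_t  ready;  /* signalled once term is published or connect fails */
    void *term;             /* NULL until the owner's connect thread finishes */
    int   failed;           /* set when the connection aborts before term exists */
} client_t;

void client_init(client_t *c) {
    pthread_mutex_init(&c->lock, NULL); pthread_cond_init(&c->ready, NULL);
    c->term = NULL; c->failed = 0;
}

/* Owner side: publish the terminal (or a failure) under the lock, wake joiners. */
void client_publish_term(client_t *c, void *term) {
    pthread_mutex_lock(&c->lock);
    c->term = term;
    c->failed = (term == NULL);
    pthread_cond_broadcast(&c->ready);
    pthread_mutex_unlock(&c->lock);
}

/* Joiner side: wait until term is usable or the connection failed. Returns the
   term to duplicate, or NULL on failure; never hands a NULL term onward. */
void *client_join(client_t *c) {
    pthread_mutex_lock(&c->lock);
    while (c->term == NULL && !c->failed)
        pthread_cond_wait(&c->ready, &c->lock);
    void *term = c->term;
    pthread_mutex_unlock(&c->lock);
    return term;
}

static int fake_term;  /* constructed placeholder for a terminal object */
static void *owner_thread(void *arg) {  /* slow connect: the joiner arrives first */
    usleep(20000);
    client_publish_term((client_t *)arg, &fake_term);
    return NULL;
}

/* Returns 1 if an early joiner received the real term instead of NULL. */
int race_demo(void) {
    client_t c; pthread_t t;
    client_init(&c);
    pthread_create(&t, NULL, owner_thread, &c);
    void *term = client_join(&c);  /* blocks instead of dereferencing NULL */
    pthread_join(t, NULL);
    return term == &fake_term;
}
```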
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)