Hi all,

As soon as I authenticate against Google's XMPP server - talk.google.com
- profanity segfaults and dumps core:

        $ egdb profanity profanity.core
        [...]
        Core was generated by `profanity'.
        Program terminated with signal SIGSEGV, Segmentation fault.
        #0  0x00000e6f67fba14f in xmpp_conn_tlscert_fingerprint () from /usr/local/lib/libmesode.so.0.0
        (gdb) bt
        #0  0x00000e6f67fba14f in xmpp_conn_tlscert_fingerprint () from /usr/local/lib/libmesode.so.0.0
        #1  0x00000e6cccde9466 in _xmppcert_to_profcert ()
        #2  0x00000e6cccde907e in ?? ()
        #3  0x00000e6f67fc6959 in verify_callback () from /usr/local/lib/libmesode.so.0.0
        #4  0x00000e6f58058313 in check_id_error (ctx=0x7f7fffff6fd0, errcode=<error reading variable: Cannot access memory at address 0x3e>) at /usr/src/lib/libcrypto/x509/x509_vfy.c:183
        #5  check_id (ctx=0x7f7fffff6fd0) at /usr/src/lib/libcrypto/x509/x509_vfy.c:213
        #6  0x00000e6f5801ec31 in x509_verify_cert_hostname (ctx=0xe6f1f627d80, cert=0xe6fb3bc6d00, name=0x0) at /usr/src/lib/libcrypto/x509/x509_verify.c:462
        #7  x509_verify (ctx=0xe6f1f627d80, leaf=0xe6fb3bc6d00, name=0x0) at /usr/src/lib/libcrypto/x509/x509_verify.c:870
        #8  0x00000e6f58058de1 in X509_verify_cert (ctx=0x7f7fffff6fd0) at /usr/src/lib/libcrypto/x509/x509_vfy.c:682
        #9  0x00000e6f355991ed in ssl_verify_cert_chain (s=0xe6f4ca9c300, sk=0xe6ee1db3840) at /usr/src/lib/libssl/ssl_cert.c:447
        #10 0x00000e6f355b79a5 in tls13_server_certificate_recv (ctx=0xe6f4ca9c400, cbs=<optimized out>) at /usr/src/lib/libssl/tls13_client.c:613
        #11 0x00000e6f355b777c in tls13_server_certificate_request_recv (ctx=0xe6f4ca9c400, cbs=0x7f7fffff7218) at /usr/src/lib/libssl/tls13_client.c:534
        #12 0x00000e6f355c6511 in tls13_handshake_recv_action (ctx=0xe6f4ca9c400, action=<optimized out>) at /usr/src/lib/libssl/tls13_handshake.c:500
        #13 tls13_handshake_perform (ctx=0xe6f4ca9c400) at /usr/src/lib/libssl/tls13_handshake.c:375
        #14 0x00000e6f355c57d7 in tls13_legacy_connect (ssl=0xe6f4ca9c300) at /usr/src/lib/libssl/tls13_legacy.c:442
        #15 0x00000e6f67fc6aa5 in tls_start () from /usr/local/lib/libmesode.so.0.0
        #16 0x00000e6f67fb9542 in conn_tls_start () from /usr/local/lib/libmesode.so.0.0
        #17 0x00000e6f67fb7274 in _handle_proceedtls_default () from /usr/local/lib/libmesode.so.0.0
        #18 0x00000e6f67fbbb01 in handler_fire_stanza () from /usr/local/lib/libmesode.so.0.0
        #19 0x00000e6f67fb8835 in _handle_stream_stanza () from /usr/local/lib/libmesode.so.0.0
        #20 0x00000e6f67fc76f5 in _end_element () from /usr/local/lib/libmesode.so.0.0
        #21 0x00000e6f48109821 in doContent (parser=0xe6ee1dbf800, startTagLevel=<optimized out>, enc=<optimized out>, s=<optimized out>, end=0xe6f1a4511ad '\337' <repeats 199 times>, <incomplete sequence \337>..
            haveMore=1 '\001') at /usr/src/lib/libexpat/lib/xmlparse.c:2600
        #22 0x00000e6f48106f07 in contentProcessor (parser=0xe6ee1dbf800, start=0x7f7fffff60f0 "ERROR: error number 62", end=0x7 <error: Cannot access memory at address 0x7>, endPtr=0x0) at /usr/src/lib/libexpat/
        #23 0x00000e6f48102191 in XML_ParseBuffer (parser=0xe6ee1dbf800, len=50, isFinal=0) at /usr/src/lib/libexpat/lib/xmlparse.c:1704
        #24 0x00000e6f48101ca3 in XML_Parse (parser=0xe6ee1dbf800,
            s=0x7f7fffff7620 "<proceed xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"/>xml:ns:xmpp-tls\"><required/></starttls><mechanisms xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"><mechanism>X-OAUTH2</mechanism><mec
            len=50, isFinal=0) at /usr/src/lib/libexpat/lib/xmlparse.c:1668
        #25 0x00000e6f67fbb67e in xmpp_run_once () from /usr/local/lib/libmesode.so.0.0
        #26 0x00000e6cccde8ada in connection_check_events ()
        #27 0x00000e6cccde1e3b in prof_run ()
        #28 0x00000e6ccce5d3de in main ()

This started happening a week or so ago.

Around the same time - most likely the same snapshot - lastpass-cli
stopped working during authentication step, with an "SSL connect
error" message.

Bjorn (bket@) found that the lastpass-cli behaviour was related to a
change in lib/libcrypto/x509/x509_vpm.c (r1.22). This has since been
fixed[0] by jsing@ and lastpass-cli works again.

This may or may not be related but, given X.509 and TLS appearing
all over the place in the backtrace, I thought I'd mention it.

FWIW, profanity does *not* segfault when I authenticate to an XMPP
server at work.

[0] https://marc.info/?l=openbsd-cvs&m=160088523031157&w=2

Please CC me in any replies as I am not subscribed to this mailing list.

Cheers,

Raf