Public bug reported: After the SSL rebuild, Remmina is crashing with a segmentation fault when trying to connect to a Windows Server 2019 machine using RDP.
I tried removing the sensitive data from this backtrace (#7 has TERMSRV/XXX.XXX.XXX.XXX), hopefully everything sensitive was removed. The full backtrace is: (gdb) bt f #0 0x00007ffff6d192e8 in EVP_CIPHER_CTX_set_key_length (c=c@entry=0x7fffe03310e0, keylen=keylen@entry=16) at ../crypto/evp/evp_enc.c:979 __func__ = "EVP_CIPHER_CTX_set_key_length" #1 0x00007ffff1b2c4a8 in winpr_RC4_New_Internal (key=0x7fffe0373998 "\223\234\376O`\245$\225\223\343\303\370\020\256\225\374\032N\317P\345\207K\320KX\231\307fb\314\307\032N\317P\345\207K\320KX\231\307fb\314", <incomplete sequence \307>, keylen=16, override_fips=0) at ./winpr/libwinpr/crypto/cipher.c:75 ctx = 0x7fffe03310e0 evp = 0x7ffff6f7b240 <r4_cipher> #2 0x00007ffff1b59ddd in ntlm_rc4k (length=16, ciphertext=0x7fffe03739c8 "", plaintext=0x7fffe03739a8 "\032N\317P\345\207K\320KX\231\307fb\314\307\032N\317P\345\207K\320KX\231\307fb\314", <incomplete sequence \307>, key=0x7fffe0373998 "\223\234\376O`\245$\225\223\343\303\370\020\256\225\374\032N\317P\345\207K\320KX\231\307fb\314\307\032N\317P\345\207K\320KX\231\307fb\314", <incomplete sequence \307>) at ./winpr/libwinpr/sspi/NTLM/ntlm_compute.c:491 rc4 = <optimized out> status = -2146893052 s = 0x7fffe03723b0 length = <optimized out> StartOffset = <optimized out> PayloadOffset = <optimized out> AvTimestamp = <optimized out> message = 0x7fffe0373780 context = 0x7fffe0373600 credentials = <optimized out> input_buffer = <optimized out> output_buffer = 0x0 channel_bindings = <optimized out> #3 ntlm_encrypt_random_session_key (context=0x7fffe0373600) at ./winpr/libwinpr/sspi/NTLM/ntlm_compute.c:566 status = -2146893052 s = 0x7fffe03723b0 length = <optimized out> StartOffset = <optimized out> PayloadOffset = <optimized out> AvTimestamp = <optimized out> message = 0x7fffe0373780 context = 0x7fffe0373600 credentials = <optimized out> input_buffer = <optimized out> output_buffer = 0x0 channel_bindings = <optimized out> #4 ntlm_read_ChallengeMessage (buffer=<optimized out>, context=0x7fffe0373600) at ./winpr/libwinpr/sspi/NTLM/ntlm_message.c:513 status = -2146893052 s = 0x7fffe03723b0 length = <optimized out> StartOffset = <optimized out> PayloadOffset = <optimized out> AvTimestamp = <optimized out> message = 0x7fffe0373780 context = 0x7fffe0373600 credentials = <optimized out> input_buffer = <optimized out> output_buffer = 0x0 channel_bindings = <optimized out> #5 ntlm_InitializeSecurityContextW (phCredential=phCredential@entry=0x7fffe0372e70, phContext=phContext@entry=0x7fffe0374230, pszTargetName=<optimized out>, fContextReq=fContextReq@entry=50, Reserved1=Reserved1@entry=0, TargetDataRep=TargetDataRep--Type <RET> for more, q to quit, c to continue without paging--c @entry=16, pInput=<optimized out>, Reserved2=<optimized out>, phNewContext=<optimized out>, pOutput=<optimized out>, pfContextAttr=<optimized out>, ptsExpiry=<optimized out>) at ./winpr/libwinpr/sspi/NTLM/ntlm.c:590 context = 0x7fffe0373600 credentials = <optimized out> input_buffer = <optimized out> output_buffer = 0x0 channel_bindings = <optimized out> #6 0x00007ffff1b5ac25 in ntlm_InitializeSecurityContextA (phCredential=0x7fffe0372e70, phContext=0x7fffe0374230, pszTargetName=<optimized out>, fContextReq=50, Reserved1=0, TargetDataRep=16, pInput=0x7fffe0372eb0, Reserved2=0, phNewContext=0x7fffe0374230, pOutput=0x7fffe0372ec0, pfContextAttr=0x7fffe0372e58, ptsExpiry=0x7fffe0372e80) at ./winpr/libwinpr/sspi/NTLM/ntlm.c:633 status = <optimized out> pszTargetNameW = 0x7fffe0373cc0 #7 0x00007ffff1b6543f in winpr_InitializeSecurityContextA (phCredential=0x7fffe0372e70, phContext=0x7fffe0372e08, pszTargetName=0x7fffe0385fd0 "TERMSRV/XXX.XXX.XXX.XXX", fContextReq=50, Reserved1=0, TargetDataRep=16, pInput=0x7fffe0372eb0, Reserved2=0, phNewContext=0x7fffe0372e08, pOutput=0x7fffe0372ec0, pfContextAttr=0x7fffe0372e58, ptsExpiry=0x7fffe0372e80) at ./winpr/libwinpr/sspi/sspi_winpr.c:1284 Name = 0x7ffff1b9e684 "Negotiate" status = <optimized out> table = 0x7ffff1bd72c0 <NEGOTIATE_SecurityFunctionTableA> _log_cached_ptr = 0x0 __FUNCTION__ = "winpr_InitializeSecurityContextA" _log_cached_ptr = 0x0 #8 0x00007ffff1d0301c in nla_client_recv (nla=0x7fffe0372df0) at ./libfreerdp/core/nla.c:557 status = -1 _log_cached_ptr = 0x0 __FUNCTION__ = "nla_recv_pdu" #9 nla_recv_pdu (nla=0x7fffe0372df0, s=<optimized out>) at ./libfreerdp/core/nla.c:2192 _log_cached_ptr = 0x0 __FUNCTION__ = "nla_recv_pdu" #10 0x00007ffff1d3be99 in rdp_recv_callback (transport=<optimized out>, s=0x555555bad760, extra=0x555555e68000) at ./libfreerdp/core/rdp.c:1515 status = 0 rdp = 0x555555e68000 _log_cached_ptr = 0x0 __FUNCTION__ = "rdp_recv_callback" _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 #11 0x00007ffff1d37bbc in transport_check_fds (transport=0x555555b85510) at ./libfreerdp/core/transport.c:1062 status = 221 recv_status = <optimized out> received = 0x555555bad760 now = <optimized out> dueDate = 145082998 status = <optimized out> transport = 0x555555b85510 _log_cached_ptr = 0x0 __FUNCTION__ = "rdp_check_fds" _log_cached_ptr = 0x0 #12 rdp_check_fds (rdp=0x555555e68000) at ./libfreerdp/core/rdp.c:1722 status = <optimized out> transport = 0x555555b85510 _log_cached_ptr = 0x0 __FUNCTION__ = "rdp_check_fds" _log_cached_ptr = 0x0 #13 0x00007ffff1d3054d in rdp_client_connect (rdp=0x555555e68000) at ./libfreerdp/core/connection.c:367 SelectedProtocol = <optimized out> status = <optimized out> settings = 0x555555ea9ee0 flags = <optimized out> timeout = 200 __FUNCTION__ = "rdp_client_connect" _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 #14 0x00007ffff1d1e492 in freerdp_connect (instance=0x555555bfb3f0) at ./libfreerdp/core/freerdp.c:197 status = <optimized out> e = {e = {Size = 4135161392, Sender = 0x0}, result = 327824} status2 = 0 rdp = 0x555555e68000 settings = 0x555555ea9ee0 __FUNCTION__ = "freerdp_connect" _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 #15 freerdp_connect (instance=0x555555bfb3f0) at ./libfreerdp/core/freerdp.c:153 __FUNCTION__ = "freerdp_connect" _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 _log_cached_ptr = 0x0 #16 0x00007ffff678d739 in remmina_rdp_main (gp=0x555555ae4a70) at ./plugins/rdp/rdp_plugin.c:2053 value = <optimized out> rfi = <optimized out> w = <optimized out> proxy_password = <optimized out> root = <optimized out> gateway_host = 0x7fffe0002900 "\340B" datapath = <optimized out> desktopScaleFactor = 0 h = <optimized out> s = <optimized out> gateway_port = 32767 i = <optimized out> desktopOrientation = 0 deviceScaleFactor = 0 proxy_port = <optimized out> verrev = 0 proxy_username = <optimized out> sm = <optimized out> cs = <optimized out> remminafile = <optimized out> channels = 0x555555f59760 status = <optimized out> proxy_hostname = <optimized out> proxy_type = <optimized out> vermaj = 2 vermin = 3 orphaned = <optimized out> gp = 0x555555ae4a70 rfi = 0x555555c8e800 #17 remmina_rdp_main_thread (data=0x555555ae4a70) at ./plugins/rdp/rdp_plugin.c:2258 gp = 0x555555ae4a70 rfi = 0x555555c8e800 #18 0x00007ffff683f927 in start_thread (arg=<optimized out>) at pthread_create.c:435 ret = <optimized out> pd = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737152808512, -5239994127097218978, 140737488346590, 140737488346591, 0, 140737144418304, 5239967739048409182, 5239973476643682398}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> #19 0x00007ffff68cf9e4 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100 ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: remmina 1.4.21+dfsg-1build1 ProcVersionSignature: Ubuntu 5.15.0-13.13-generic 5.15.5 Uname: Linux 5.15.0-13-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu74 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: XFCE Date: Mon Dec 6 16:45:05 2021 InstallationDate: Installed on 2017-06-13 (1636 days ago) InstallationMedia: Xubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412) SourcePackage: remmina UpgradeStatus: Upgraded to jammy on 2019-12-22 (714 days ago) modified.conffile..etc.cron.daily.apport: [deleted] ** Affects: remmina (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug jammy package-from-proposed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1953389 Title: Remmina segfault when trying to connect using RDP To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/remmina/+bug/1953389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs