Very true. I just posted quickly this morning to lend some weight to this bug and at least indicate a workaround.
So, I've read up a little bit and fiddled with the remmina client. I've found that using NLA authentication causes remmina to segfault. TLS and RDP both seem to work fine, so there is (I think) a more secure workaround available in TLS authentication. Its a libfreerdp issue addressed in this issue: https://github.com/FreeRDP/FreeRDP/issues/412 Which had a fix similar to your patch. It seems to be in the master branch, but not their 1.0 stable. Best On Tue, Oct 2, 2012 at 8:04 AM, Kai Pastor <[email protected]> wrote: > It is not clear to me what changing the security means. The bug itself > is not neccessarily a security issue. The workaround might be. If HTTPS > doesn't work, would anyone suggest HTTP for online banking? > > It's really time for a maintainer to look at the issue. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1019252 > > Title: > Crash in crypto_cert_subject_alt_name when connecting > > Status in “freerdp” package in Ubuntu: > Confirmed > > Bug description: > Release: Ubuntu 12.04 LTS > Package: libfreerdp1 (1.0.1-1ubuntu2.1) > > I observed crashes in crypto_cert_subject_alt_name() when connecting > to some hosts with remmina or xfreerdp. The particular DNS name is > actually realized by a cluster of machines, and this is reflected in > the certificate. > > It seems to me that crypto_cert_subject_alt_name(...) allocates memory > for "int** lengths" as an array of pointers to integer, but not for > the integers themselves. After adding the additional memory > allocation, I had no more crashes at that point. (I must admit that I > didn't check whether/where the allocated memory gets released.) > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/freerdp/+bug/1019252/+subscriptions -- Hey! Somebody punched the foley guy! - Crow, MST3K ep. 508 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1019252 Title: Crash in crypto_cert_subject_alt_name when connecting To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freerdp/+bug/1019252/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
