X2Go Bug report logs - #1460
Windows client crashes if Jumphost runs NetBSD 6 (probably race)

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Edgar Fuß <ef@math.uni-bonn.de>

Date: Sun, 19 Apr 2020 18:25:01 UTC

Severity: normal

Found in version 4.1.2.2

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#1460: Windows client crashes if Jumphost runs NetBSD 6 (probably race)
Reply-To: Edgar Fuß <ef@math.uni-bonn.de>, 1460@bugs.x2go.org
Resent-From: Edgar Fuß <ef@math.uni-bonn.de>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: owner@bugs.x2go.org
X-Loop: owner@bugs.x2go.org
Resent-Date: Sun, 19 Apr 2020 18:25:01 +0000
Resent-Message-ID: <handler.1460.B.158732059822516@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 1460
X-X2Go-PR-Package: x2go-client for windows
X-X2Go-PR-Keywords: 
Received: via spool by submit@bugs.x2go.org id=B.158732059822516
          (code B); Sun, 19 Apr 2020 18:25:01 +0000
Received: (at submit) by bugs.x2go.org; 19 Apr 2020 18:23:18 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,SPF_HELO_NONE
	autolearn=ham autolearn_force=no version=3.4.2
Received: from elbe.math.uni-bonn.de (elbe.math.uni-bonn.de [IPv6:2a00:5ba0:20:67::104])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id B00A45DAE5
	for <submit@bugs.x2go.org>; Sun, 19 Apr 2020 20:23:16 +0200 (CEST)
Received: from trav.math.uni-bonn.de (p54932D3A.dip0.t-ipconnect.de [84.147.45.58])
	by elbe.math.uni-bonn.de (Postfix) with ESMTPSA id 1C671C8770
	for <submit@bugs.x2go.org>; Sun, 19 Apr 2020 20:23:16 +0200 (CEST)
	(envelope-from ef@math.uni-bonn.de)
Date: Sun, 19 Apr 2020 20:23:14 +0200
From: Edgar Fuß <ef@math.uni-bonn.de>
To: submit@bugs.x2go.org
Message-ID: <20200419182314.GT12762@trav.math.uni-bonn.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.11.4 (2019-03-13)
Package: x2go-client for windows
Version: 4.1.2.2

The Windows X2Go client crashes (in ntdll.dll) if the Jumphost is running NetBSD 6 (it works for NetBSD 8). It crashes so early in the SSH negotiation that no further details (authentication type etc.) are relevant.

Now, NetBSD 6 (and OpenSSH 5.9, which it uses) are pretty obsolete, but interestingly, the client does not crash if run under logger.exe, so this looks like a race.

Installing OpenSSH 8.0 (from pkgsrc) on the NetBSD 6 Jumphost doesn't help. I verified that insatlling OpenSSH 8.0 on a NetBSD 8 host (which natively uses OpenSSH 7.6) works. So it's not just the OpenSSH version that matters.

But, if the Jumphost runs OpenSSH 8.0 on NetBSD 6 (where the client crashes unless run under logger.exe), tcpdump-ing the SSH connection on the Jumphost makes the client work. If I additionally tcpdump on the client side (more precisely, on the macOS system hosting the VirtualBox VM running MS Win), the client crashes again.

It looks like the condition that triggers the crash may be the client receiving the Server Key Exchange Init _after_ it sent the Client Key Exchange Init.

The packet sequence involved is (I/O as seen on the Jumphost, i.e. I client->server and O server->client):
1 I SYN (ECN, CWR)
2 O SYN/ACK
3 I ACK
4 I Client: Protocol
5 O Server: Protocol
6 I ACK

running tcpdump on NetBSD only (works):
7 O Server: Key Exchange Init
8 I ACK
9 I Client: Key Exchange Init
10 I Client: Diffie-Hellman Key Ecxhange Init
11 O ACK
12 O Diffie-Hellman Key Exchange Reply
13 I ACK
14 I Client: New Keys
15 I Client: Encrypted Packet
...

running tcpdump on NetBSD and macOS (client crashes), as seen on the NetBSD side:
7 O Server: Key Exchange Init
8 I Client: Key Exchange Init
9 I ACK
10 I Client: Diffie-Hellman Key Exhange Init
11 O ACK
12 O Diffie-Hellman Key Exchange Reply
13 I ACK
14 I Client: New Keys
15 O ACK
16 I FIN/ACK

same as seen on the macOS side:
7 I Client: Key Exchange Init
8 O Server: Key Exchange Init
[rest looks as on the NetBSD side]

Any hints how to debug this? I know virtually nothing about MS Win.

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Wed Oct 27 13:47:57 2021; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.