X2Go Bug report logs - #722
add sanity checks when processing stdout of X2Go

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Orion Poplawski <orion@cora.nwra.com>

Date: Wed, 7 Jan 2015 18:00:01 UTC

Severity: important

Found in version 4.0.2.1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#722; Package x2goclient. (Wed, 07 Jan 2015 18:00:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Orion Poplawski <orion@cora.nwra.com>:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Wed, 07 Jan 2015 18:00:02 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.x2go.org (full text, mbox):

From: Orion Poplawski <orion@cora.nwra.com>
To: submit@bugs.x2go.org
Subject: Fwd: [Bug 1179869] New: [abrt] x2goclient: ref(): x2goclient killed by SIGSEGV
Date: Wed, 07 Jan 2015 10:56:36 -0700
Package: x2goclient
Version: 4.0.2.1

This crashing here:
x2goSession ONMainWindow::getSessionFromString ( const QString& string )
{
    QStringList lst=string.split ( '|' );
    x2goSession s;
    s.agentPid=lst[0];
    s.sessionId=lst[1];

looks like the session string is corrupted and doesn't have the expected
number of elements.  Need some error checking here.


-------- Forwarded Message --------
Subject: [Bug 1179869] New: [abrt] x2goclient: ref(): x2goclient killed by SIGSEGV
Date: Wed, 07 Jan 2015 17:05:11 +0000
From: bugzilla@redhat.com
To: orion@cora.nwra.com

https://bugzilla.redhat.com/show_bug.cgi?id=1179869

            Bug ID: 1179869
           Summary: [abrt] x2goclient: ref(): x2goclient killed by SIGSEGV
           Product: Fedora
           Version: 20
         Component: x2goclient
          Assignee: orion@cora.nwra.com
          Reporter: livyathan@gmail.com
        QA Contact: extras-qa@fedoraproject.org
                CC: orion@cora.nwra.com



Version-Release number of selected component:
x2goclient-4.0.2.1-1.fc20

Additional info:
reporter:       libreport-2.2.3
backtrace_rating: 4
cmdline:        x2goclient
crash_function: ref
executable:     /usr/bin/x2goclient
kernel:         3.16.6-203.fc20.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 ref at ../../src/corelib/arch/qatomic_x86_64.h:121
 #1 QString::operator= at tools/qstring.cpp:1410
 #2 ONMainWindow::getSessionFromString at ../onmainwindow.cpp:3657
 #3 ONMainWindow::selectSession at ../onmainwindow.cpp:4364
 #4 ONMainWindow::slotListSessions at ../onmainwindow.cpp:3629
 #5 ONMainWindow::qt_static_metacall at moc_onmainwindow.cpp:385
 #6 QMetaObject::activate at kernel/qobject.cpp:3567
 #7 SshProcess::sshFinished at moc_sshprocess.cpp:140
 #8 SshProcess::slotChannelClosed at ../sshprocess.cpp:443
 #9 SshProcess::qt_static_metacall at moc_sshprocess.cpp:84

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.



Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#722; Package x2goclient. (Thu, 08 Jan 2015 09:50:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Thu, 08 Jan 2015 09:50:02 GMT) Full text and rfc822 format available.

Message #10 received at 722@bugs.x2go.org (full text, mbox):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Orion Poplawski <orion@cora.nwra.com>, 722@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#722: Fwd: [Bug 1179869] New: [abrt] x2goclient: ref(): x2goclient killed by SIGSEGV
Date: Thu, 08 Jan 2015 09:48:32 +0000
[Message part 1 (text/plain, inline)]
Control: severity -1 important
Control: retitle -1 add sanity checks when processing stdout of X2Go  
Server commands

Hi Orion,

On  Mi 07 Jan 2015 18:56:36 CET, Orion Poplawski wrote:

> Package: x2goclient
> Version: 4.0.2.1
>
> This crashing here:
> x2goSession ONMainWindow::getSessionFromString ( const QString& string )
> {
>     QStringList lst=string.split ( '|' );
>     x2goSession s;
>     s.agentPid=lst[0];
>     s.sessionId=lst[1];
>
> looks like the session string is corrupted and doesn't have the expected
> number of elements.  Need some error checking here.
>

Unfortunately, X2Go Client code does no sanitizing at all at most  
place. It simply expects that the X2Go Server on the other end is  
working correctly (which it sometimes is not)...

Raising severity to important...

Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Severity set to 'important' from 'normal' Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to 722-submit@bugs.x2go.org. (Thu, 08 Jan 2015 09:50:02 GMT) Full text and rfc822 format available.

Changed Bug title to 'add sanity checks when processing stdout of X2Go' from 'Fwd: [Bug 1179869] New: [abrt] x2goclient: ref(): x2goclient killed by SIGSEGV' Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to 722-submit@bugs.x2go.org. (Thu, 08 Jan 2015 09:50:02 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Wed Dec 12 03:34:19 2018; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.