any1 / neatvnc

A liberally licensed VNC server library with a clean interface
ISC License

TLS member move causes abort on authentication failure. #91

Closed pH5 closed 1 year ago

pH5 commented 1 year ago

Commit b5f37d0227c42c1f4b7f99741dbb24435ff4f164 ("stream: Move tls specific member into tls impl") causes an abort on authentication failure (e.g. no username/password provided):

#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
#1  0x00007ffff7e328b3 in __pthread_kill_internal (signo=6, threadid=<optimized out>)
    at pthread_kill.c:78
#2  0x00007ffff7de1abe in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff7dca87f in __GI_abort () at abort.c:79
#4  0x00007ffff7dcb60f in __libc_message (fmt=fmt@entry=0x7ffff7f4552f "%s\n")
    at ../sysdeps/posix/libc_fatal.c:150
#5  0x00007ffff7e3c775 in malloc_printerr
    (str=str@entry=0x7ffff7f48298 "free(): invalid next size (fast)") at malloc.c:5651
#6  0x00007ffff7e3e6c4 in _int_free
    (av=0x7ffff7f78c80 <main_arena>, p=p@entry=0x4f2cc0, have_lock=have_lock@entry=0) at malloc.c:4508
#7  0x00007ffff7e411ce in __GI___libc_free (mem=0x4f2cd0) at malloc.c:3367
#8  0x00007ffff7253d6f in stream_gnutls_destroy (self=0x4f2cd0)
    at ../subprojects/neatvnc/src/stream-gnutls.c:75
#9  0x00007ffff724ee13 in stream_destroy (self=0x4f2cd0) at ../subprojects/neatvnc/src/stream.c:30
#10 0x00007ffff7245d7c in client_close (client=0x5194d0) at ../subprojects/neatvnc/src/server.c:123
#11 0x00007ffff7245e8c in client_unref (client=0x5194d0) at ../subprojects/neatvnc/src/server.c:141
#12 0x00007ffff724a3f9 in nvnc_client_close (client=0x5194d0) at ../subprojects/neatvnc/src/server.c:1815
#13 0x00007ffff7245f0a in close_after_write (userdata=0x5194d0, status=STREAM_REQ_DONE)
    at ../subprojects/neatvnc/src/server.c:154
#14 0x00007ffff724f0ba in stream_req__finish (req=0x4f2340, status=STREAM_REQ_DONE)
    at ../subprojects/neatvnc/src/stream-common.c:25
#15 0x00007ffff7253f23 in stream_gnutls__flush (base=0x4f2cd0)
    at ../subprojects/neatvnc/src/stream-gnutls.c:112
#16 0x00007ffff7254128 in stream_gnutls_send
    (self=0x4f2cd0, payload=0x4c5b30, on_done=0x7ffff7245eab <close_after_write>, userdata=0x5194d0)
    at ../subprojects/neatvnc/src/stream-gnutls.c:182
#17 0x00007ffff724ee92 in stream_send
    (self=0x4f2cd0, payload=0x4c5b30, on_done=0x7ffff7245eab <close_after_write>, userdata=0x5194d0)
    at ../subprojects/neatvnc/src/stream.c:37
#18 0x00007ffff724ef57 in stream_write
    (self=0x4f2cd0, payload=0x7fffffffbd50, len=33, on_done=0x7ffff7245eab <close_after_write>, userdata=0x5194d0) at ../subprojects/neatvnc/src/stream.c:50
#19 0x00007ffff7246172 in security_handshake_failed
    (client=0x5194d0, reason_string=0x7ffff72590f0 "Invalid username or password")
    at ../subprojects/neatvnc/src/server.c:223
#20 0x00007ffff72466e7 in on_vencrypt_plain_auth_message (client=0x5194d0)
    at ../subprojects/neatvnc/src/server.c:345
#21 0x00007ffff724894a in try_read_client_message (client=0x5194d0)
    at ../subprojects/neatvnc/src/server.c:1148
#22 0x00007ffff7248b86 in on_client_event (stream=0x4f2cd0, event=STREAM_EVENT_READ)
    at ../subprojects/neatvnc/src/server.c:1197
#23 0x00007ffff7253fb3 in stream_gnutls__on_readable (self=0x4f2cd0)
    at ../subprojects/neatvnc/src/stream-gnutls.c:128
#24 0x00007ffff7254056 in stream_gnutls__on_event (obj=0x51aed0)
    at ../subprojects/neatvnc/src/stream-gnutls.c:160
#25 0x00007ffff7f90a08 in aml__handle_event (self=0x4d0bf0, obj=0x51aed0)
    at ../subprojects/aml/src/aml.c:801
#26 0x00007ffff7f90c54 in aml_dispatch (self=0x4d0bf0) at ../subprojects/aml/src/aml.c:853
#27 0x00007ffff7f9c8a3 in vnc_aml_dispatch (fd=10, mask=1, data=0x4d0bf0)
    at ../libweston/backend-vnc/vnc.c:1055
#28 0x00007ffff7d098e2 in wl_event_loop_dispatch (loop=0x4153a0, timeout=timeout@entry=-1)
    at ../src/event-loop.c:1027
#29 0x00007ffff7d0a125 in wl_display_run (display=0x4152b0) at ../src/wayland-server.c:1493
#30 0x00007ffff7fb253a in wet_main (argc=1, argv=0x7fffffffcc48, test_data=0x0)
    at ../compositor/main.c:4203
#31 0x000000000040114b in main (argc=13, argv=0x7fffffffcc48) at ../compositor/executable.c:33

any1 commented 1 year ago

Should be fixed now. Can you confirm?

pH5 commented 1 year ago

Yes, it's fixed at 8872dece0ca65a565114d67bf4cbe734a5b996ce. Thanks!