cryptodotis / irssi-otr

LibOTR functionality in Irssi.
GNU General Public License v2.0

irssi-otr core dumps when /otr genkey on OpenBSD #6

Closed jirib closed 12 years ago

jirib commented 13 years ago

Hello,

I found irssi-otr core dumping ("old" version even this new fork). It core dumps when generating key.

[(status)] /otr genkey jirib@xxxxxxxx.cz
irssi in free(): error: bogus pointer (double free?) 0x2bd40020

Program received signal SIGABRT, Aborted.
0x0bd6e67d in kill () from /usr/lib/libc.so.60.1
(gdb) bt
#0  0x0bd6e67d in kill () from /usr/lib/libc.so.60.1
#1  0x0bdd4de5 in abort () at /usr/src/lib/libc/stdlib/abort.c:68
#2  0x0bdd294d in wrterror (msg=Variable "msg" is not available.
) at /usr/src/lib/libc/stdlib/malloc.c:269
#3  0x0bdd3dc9 in free (ptr=0x2bd40020) at /usr/src/lib/libc/stdlib/malloc.c:1216
#4  0x008cf3f1 in g_free () from /usr/local/lib/libglib-2.0.so.2800.0
#5  0x0bcdf5ea in keygen_run () from /usr/local/lib/irssi/modules/libotr.so
#6  0x0bcdbbd8 in otr_deinit () from /usr/local/lib/irssi/modules/libotr.so
#7  0x1c092a8e in signal_stop ()
#8  0x1c09307f in signal_emit ()
#9  0x1c07e94f in command_runsub ()
#10 0x0bcdbc80 in otr_deinit () from /usr/local/lib/irssi/modules/libotr.so
#11 0x1c092a8e in signal_stop ()
#12 0x1c09307f in signal_emit ()
#13 0x1c07d71a in command_find ()
#14 0x1c092a8e in signal_stop ()
#15 0x1c09307f in signal_emit ()
#16 0x1c0147fc in get_idle_time ()
#17 0x1c092a8e in signal_stop ()
#18 0x1c09307f in signal_emit ()
#19 0x1c04d022 in key_info_find ()
#20 0x1c092a8e in signal_stop ()
#21 0x1c09307f in signal_emit ()
#22 0x1c04ce9f in key_pressed ()
#23 0x1c013c54 in get_idle_time ()
#24 0x1c092a8e in signal_stop ()
#25 0x1c09307f in signal_emit ()
#26 0x1c016c84 in gui_readline_init ()
#27 0x1c084a1e in mask_match ()
#28 0x0090edfd in g_io_channel_unix_get_fd () from /usr/local/lib/libglib-2.0.so.2800.0
#29 0x008c6397 in g_main_context_dispatch () from /usr/local/lib/libglib-2.0.so.2800.0
#30 0x008ca43e in g_main_context_prepare () from /usr/local/lib/libglib-2.0.so.2800.0
#31 0x008caa65 in g_main_context_iteration () from /usr/local/lib/libglib-2.0.so.2800.0
#32 0x1c026086 in main ()

If I should provide more info, please let me know. Thank you.

sys: OpenBSD 5.0-beta (i386)
irssi-otr: 25. 7. 2011 (git)
irssi: 0.8.15

DrWhax commented 13 years ago

I think this is about the same issue as ticket #5, I will investigate and brush up some OpenBSD skills :-)

floort commented 13 years ago

Debug tip for OpenBSD:

ln -s 'DFG' /etc/malloc.conf

See MALLOC(3) for the meaning. I didn't have time to properly reproduce this bug yet.

Zilophagus commented 12 years ago

I get the same segfault. I also tried to generate the keys from somewhere else, but it doesn't help. Any advance on that?

DrWhax commented 12 years ago

Working on it.

cam0, are you using a shell somewhere where this occurs? So far, this only seems to happen if someone is running it from an OpenBSD or Linux shell with restrictions.

Zilophagus commented 12 years ago

I am trying to run it on OpenBSD in a screen, but without any particular restriction. I compiled the otr plugin (from git) myself with the last version of irssi (0.8.15), but it was a bit of hacking (files missing, wrong path, etc).

/otr genkey nick@irc.server.com
irssi in free(): error: bogus pointer (double free?) 0x26e7f020
zsh: abort (core dumped) irssi

Backtrace is pretty much the same:

#0  0x06eae76d in kill () from /usr/lib/libc.so.58.0
(gdb) bt
#0  0x06eae76d in kill () from /usr/lib/libc.so.58.0
#1  0x06f0ee65 in abort () at /usr/src/lib/libc/stdlib/abort.c:68
#2  0x06f0c9ed in wrterror (msg=Variable "msg" is not available.
) at /usr/src/lib/libc/stdlib/malloc.c:387
#3  0x06f0de39 in free (ptr=0x26e7f020) at /usr/src/lib/libc/stdlib/malloc.c:1328
#4  0x0b6470b0 in g_free () from /usr/local/lib/libglib-2.0.so.1802.0
#5  0x03194f60 in keygen_run (accname=0x7e9f78d3 "nick@irc.server.com ")
    at /tmp/irssi-otr-0.3/otr_key.c:161
#6  0x03190b3a in cmd_genkey (data=0x7e9f78d3 "nick@irc.server.com ", server=0x86ae05e0,
    item=0x7ea25400) at /tmp/irssi-otr-0.3/irssi_otr.c:182
#7  0x1c09292e in signal_emit_real (rec=0x88224ce0, params=Variable "params" is not available.
) at signals.c:242
#8  0x1c092f1f in signal_emit (signal=0x86f7c6c0 "command otr genkey", params=3)
    at signals.c:286
#9  0x1c07e7ef in command_runsub (cmd=0x2318d000 "otr",
    data=0x7c7ee3cc "genkey nick@irc.server.com ", server=0x86ae05e0, item=0x7ea25400)
    at commands.c:329
#10 0x03190624 in cmd_otr (data=0x7c7ee3cc "genkey nick@irc.server.com ", server=0x86ae05e0,
    item=0x7ea25400) at /tmp/irssi-otr-0.3/irssi_otr.c:94
#11 0x1c09292e in signal_emit_real (rec=0x88224b20, params=Variable "params" is not available.
) at signals.c:242
#12 0x1c092f1f in signal_emit (signal=0x84b1d780 "command otr", params=3) at signals.c:286
#13 0x1c07d5ba in event_command (line=0x8008ba01 "otr genkey nick@irc.server.com ",
    server=0x86ae05e0, item=0x7ea25400) at commands.c:899
#14 0x1c09292e in signal_emit_real (rec=0x81e15820, params=Variable "params" is not available.
) at signals.c:242
#15 0x1c092f1f in signal_emit (signal=0x3c0003cd "send command", params=3) at signals.c:286
#16 0x1c01464c in key_send_line () at gui-readline.c:439
#17 0x1c09292e in signal_emit_real (rec=0x813bc300, params=Variable "params" is not available.
) at signals.c:242
#18 0x1c092f1f in signal_emit (signal=0x84b1d8f0 "key send_line", params=3) at signals.c:286
#19 0x1c04cea2 in sig_multi (data=0x813bcd80 "check_replaces;send_line", gui_data=0x0)
    at keyboard.c:639
#20 0x1c09292e in signal_emit_real (rec=0x8b73cc60, params=Variable "params" is not available.
) at signals.c:242
#21 0x1c092f1f in signal_emit (signal=0x84b1d790 "key multi", params=3) at signals.c:286
#22 0x1c04cd1f in key_pressed (keyboard=0x7feaa870, key=0xcfbfb964 "^J") at keyboard.c:538
#23 0x1c013aa4 in sig_gui_key_pressed (keyp=0xa) at gui-readline.c:406
#24 0x1c09292e in signal_emit_real (rec=0x813bcca0, params=Variable "params" is not available.
) at signals.c:242
#25 0x1c092f1f in signal_emit (signal=0x3c0006da "gui key pressed", params=1)
    at signals.c:286
#26 0x1c016ad4 in sig_input () at gui-readline.c:664
#27 0x1c0848be in irssi_io_invoke (source=0x839aaf40, condition=0, data=0x7feaa690)
    at misc.c:54
#28 0x0b66e2bf in g_vasprintf () from /usr/local/lib/libglib-2.0.so.1802.0
#29 0x0b6406cd in g_source_is_destroyed () from /usr/local/lib/libglib-2.0.so.1802.0
#30 0x0b6416d5 in g_main_context_dispatch () from /usr/local/lib/libglib-2.0.so.1802.0
#31 0x0b6419c7 in g_main_context_dispatch () from /usr/local/lib/libglib-2.0.so.1802.0
#32 0x0b641bf8 in g_main_context_iteration () from /usr/local/lib/libglib-2.0.so.1802.0
#33 0x1c025f16 in main (argc=1, argv=0x0) at irssi.c:356

Thanks,

c0

DrWhax commented 12 years ago

Another small question, what OpenBSD version are you running?

I'll hope to get this fixed soon.

Zilophagus commented 12 years ago

Damn, I forgot to add that:

% uname -a
OpenBSD [,,,] 4.9 GENERIC#671 i386

thanks

Zilophagus commented 12 years ago

I just had a look. 'dirname' is not portable, so I propose this patch that makes irssi-otr work for me:



[16:59 cam0 ~]% diff -u /tmp/irssiotr-HEAD-fd11e69/otr_key.c otr_key.c
--- /tmp/irssiotr-HEAD-fd11e69/otr_key.c      Sun Feb 22 01:29:14 2009
+++ otr_key.c   Thu Oct 27 16:43:29 2011
@@ -140,7 +140,8 @@
        int ret;
        int fds[2];
        char *filename = g_strconcat(get_client_config_dir(),TMPKEYFILE,NULL);
-       char *dir = dirname(g_strdup(filename));
+       char *filenamedup = g_strdup(filename);
+       char *dir = dirname(filenamedup);

        if (kg_st.status!=KEYGEN_NO) {
                if (strcmp(accname,kg_st.accountname)!=0)
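
Review bot: dir, assigned from dirname(filenamedup) in this hunk, is a borrowed pointer that may point into filenamedup or into libc-owned static storage depending on the platform, and nothing in the code records that. A one-line comment saying dir must never be freed and is only valid while filenamedup is alive would keep the original bug from being reintroduced. Since this function already uses GLib, g_path_get_dirname(filename) is worth considering instead: it returns a newly allocated string that can be passed to g_free() directly, so the extra duplicate is not needed. The body of the if (kg_st.status!=KEYGEN_NO) branch is not visible here; any return inside it has to release both filename and filenamedup.
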
@@ -153,13 +154,13 @@
                if (g_mkdir(dir,S_IRWXU)) {
                        otr_noticest(TXT_KG_ABORTED_DIR,
                                     accname,dir,strerror(errno));
-                       g_free(dir);
+                       g_free(filenamedup);
                        g_free(filename);
                        return;
                } else
                        otr_noticest(TXT_KG_MKDIR,dir);
        }
-       g_free(dir);
+       g_free(filenamedup);

        if (pipe(fds) != 0) {
                otr_noticest(TXT_KG_PIPE,
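
Review bot: after the unconditional g_free(filenamedup) that follows the mkdir block, dir can be left dangling on platforms where dirname() returns a pointer into its argument, so nothing later in the function may read it. The visible lines stop at otr_noticest(TXT_KG_PIPE, so the remainder needs checking; setting dir = NULL right after the free would make any later use obvious. In the error path the order is right (otr_noticest reads dir before g_free(filenamedup) runs), and it is worth keeping that order if these lines are touched again.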

DrWhax commented 12 years ago

Excellent! I will test and merge it this weekend.

DrWhax commented 12 years ago

Pushed!

I will close the issue, feel free to reopen if something broke.
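
The ownership rule behind this crash, as an added example that is not part of the thread or of irssi-otr: dirname() returns a borrowed pointer that may lie inside its argument or in libc-owned storage, so only the buffer the caller allocated may be freed. The helper names (dup_str, dir_of, dirname_aliases_input) and the sample paths are constructed for illustration.

```c
/* Added example, not irssi-otr code. dup_str(), dir_of() and
 * dirname_aliases_input() are hypothetical names; paths are constructed. */
#include <libgen.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Directory part of path as a fresh allocation the caller may free(). */
char *dir_of(const char *path)
{
    char *work = dup_str(path);      /* dirname() may modify its argument */
    if (work == NULL) return NULL;
    char *borrowed = dirname(work);  /* inside work, or libc-owned storage */
    char *owned = dup_str(borrowed); /* copy before work goes away */
    free(work);                      /* free our allocation, never borrowed */
    return owned;
}

/* 1 if dirname() returned a pointer inside the caller's buffer, 0 if it
 * returned storage the caller must not free(), -1 if allocation failed. */
int dirname_aliases_input(const char *path)
{
    char *work = dup_str(path);
    if (work == NULL) return -1;
    uintptr_t lo = (uintptr_t)work, hi = lo + strlen(work);
    uintptr_t d = (uintptr_t)dirname(work);
    free(work);
    return d >= lo && d <= hi;
}

int main(void)
{
    const char *samples[] = { "/home/user/.irssi/otr/otr.key.tmp", "otr.key" };
    for (size_t i = 0; i < 2; i++) {
        char *dir = dir_of(samples[i]);
        printf("%-36s dir=%-24s aliases_input=%d\n", samples[i],
               dir ? dir : "(null)", dirname_aliases_input(samples[i]));
        free(dir);
    }
    return 0;
}
```

For a path containing a slash, the aliases_input column differs between C libraries, which is why code that frees the result of dirname() can appear to work on one system and abort on another.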