GNOME Bugzilla – Bug 677741
[PATCH] pan crashes while fetching new headers
Last modified: 2012-06-09 15:28:11 UTC
Created attachment 216021 pan-0.137-validate-pass-after-get-server-auth.patch

After upgrading to the pan-0.137 package in Fedora 17, pan started segfaulting on Groups -> "Get new headers in subscribed groups". The Fedora pan packages were always built with Gnome keyring enabled. An analysis of the crash, a backtrace and a patch against pan-0.137 are provided below. (I believe the same bug can happen on pan git master.)

Analysis:
1. While trying to get new headers from news.gmane.org, pan::DataImpl::get_server_auth(server, user, pass) can set the out parameter "pass" to -1 on a build with Gnome keyring support enabled. I've verified that this always happens in the "GNOME_KEYRING_RESULT_OK" case.
2. In NNTP_Pool::on_socket_created(), the "gchar *pass" with an invalid address of -1 would be passed to the pan::NNTP ctor, which causes a crash when it tries to initialize the "std::string _password" from the invalid pointer.

Backtrace:
Trace 230331
$7 = (gchar *) 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>
was already fixed in git, please open again if it doesn't work for you.
(In reply to comment #1)

Heinrich, I checked with git master and the same bug can be triggered with these steps:
1. "Edit" -> "Edit Preferences" -> Miscellaneous Tab -> check "Store passwords in GNOME Keyring" at the bottom of the page.
2. "Groups" -> "Get new headers in subscribed groups"

I've read the code some more; the problem is that in DataImpl::get_server_auth(), the "pw" field of the "PasswordData pw" local variable can be used without initialization if the server doesn't require a password and GNOME keyring is enabled. I've updated my trivial patch to make DataImpl::password_decrypt() always set "pw.pw" to a valid string.

Created attachment 216033 DataImpl-password_decrypt-ensure-pw.pw-is-valid-on-r.patch
Ok, done, thanks.
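
The bug class discussed in this thread, as an added example that is not pan's code and not part of the original report: a lookup that reports success without writing its out field, next to a version that assigns a valid string on every path. All names (PasswordSketch, decrypt_before, decrypt_after, keyring_find) and the control flow are hypothetical simplifications; the STALE sentinel is constructed to mirror the 0xffffffffffffffff pointer in the backtrace so the unwritten field can be observed without dereferencing it.

```cpp
#include <cstdint>
#include <string>

// Hypothetical stand-in for the out-parameter struct described in the thread.
struct PasswordSketch {
    std::string server;
    const char* pw;          // out field, expected to be filled by the lookup
};

// Constructed sentinel: makes "never written" observable in a defined way.
static const char* const STALE = reinterpret_cast<const char*>(UINTPTR_MAX);

enum class Lookup { Ok, NotFound };

// Constructed keyring: only "news.example.invalid" has a stored secret.
static const char* keyring_find(const std::string& server) {
    return server == "news.example.invalid" ? "s3cret" : nullptr;
}

// Before: returns Ok for a server that needs no password, but leaves pw alone.
// A caller that then builds std::string from pw reads whatever was there.
Lookup decrypt_before(PasswordSketch& d, bool needs_password) {
    if (!needs_password) return Lookup::Ok;      // pw never assigned
    const char* found = keyring_find(d.server);
    if (!found) return Lookup::NotFound;         // pw never assigned
    d.pw = found;
    return Lookup::Ok;
}

// After: pw is set to a valid C string before any early return can happen.
Lookup decrypt_after(PasswordSketch& d, bool needs_password) {
    d.pw = "";                                   // valid default on all paths
    if (!needs_password) return Lookup::Ok;
    const char* found = keyring_find(d.server);
    if (!found) return Lookup::NotFound;
    d.pw = found;
    return Lookup::Ok;
}

// True when the lookup actually wrote the field (pointer is safe to read).
bool pw_was_written(const PasswordSketch& d) {
    return d.pw != STALE;
}
```

Building with -Wall -Wextra or running under a memory sanitizer or valgrind is the usual way to catch the unassigned path when no sentinel is available.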