GNOME Bugzilla – Bug 697566
Crash when unlock gnome-keyring
Last modified: 2013-04-12 15:04:47 UTC
nm-applet compiled from current nma-0-9-8 git branch (commit f5a02541badff5c1790f13d786f6c396cc7af91a). libsecret-0.15 gnome-keyring-3.8.0 This bug occures if gnome-keyring was locked when nm-applet asks it for the secrets. In this case secret_item_get_attributes() (called from keyring_find_secrets_cb()) returns something like this in the attributes: key=gkr:compat:hashed:connection-uuid value=2d3d36cf172d7ec1fc4f24e4a9d505dd key=gkr:compat:hashed:setting-key value=24b692eb6c30630a262937abc1e25192 key=gkr:compat:hashed:setting-name value=d4e1f4563c931c53dba89c06acb04541 key=gkr:compat:hashed:xdg:schema value=ec1bf9e891d588ba34f4d1227c6463ee key=xdg:schema value=org.freedesktop.Secret.Generic There is no "setting-key" key in the hash table and g_hash_table_lookup (attributes, KEYRING_SK_TAG) returns NULL, so it crashes during strdup() call. But if gnome-keyring already unlocked then all works fine. More likely bug in the libsecret, but nm-aplet shouldn't crash in any case.
Hmmm, no backtrace. So some assumptions... But secret_item_get_secret() shouldn't be returning a secret if the item is locked. Mikhail, can you add a line like this to see what's going on? if (secret) { + g_printerr ("locked: %d %d\n", secret_item_get_locked (item), secret_value_get (secret, NULL) ? 1 : 0); But in any case, you want to not crash here because someone else could have stored an item without the needed attribute. So this is definitely part of the fix: diff --git a/src/applet-agent.c b/src/applet-agent.c index 6b15ec7..731dc7b 100644 --- a/src/applet-agent.c +++ b/src/applet-agent.c @@ -364,6 +364,9 @@ keyring_find_secrets_cb (GObject *source, if (secret) { attributes = secret_item_get_attributes (item); key_name = g_hash_table_lookup (attributes, KEYRING_SK_T + if (!key_name) + continue; + g_hash_table_insert (secrets, g_strdup (key_name), string_to_gvalue (secret_value_get
Created attachment 241186 [details] [review] applet-agent: Don't assume that KEYRING_SK_TAG is present in attributes Someone may have manually modified the item outside of network-manager so its best not to crash here.
Thanks, pushed.
This patch definitely fixes the crash, but 'attributes' and 'secret' objects should be freed in this case too: diff --git a/src/applet-agent.c b/src/applet-agent.c index 731dc7b..1a134f2 100644 --- a/src/applet-agent.c +++ b/src/applet-agent.c @@ -364,8 +364,11 @@ keyring_find_secrets_cb (GObject *source, if (secret) { attributes = secret_item_get_attributes (item); key_name = g_hash_table_lookup (attributes, KEYRING_SK_TAG); - if (!key_name) + if (!key_name) { + g_hash_table_unref (attributes); + secret_value_unref (secret); continue; + } g_hash_table_insert (secrets, g_strdup (key_name), string_to_gvalue (secret_value_get (secret, NULL)));
But there is something wrong with attributes still. I added some debug in the keyring_find_secrets_cb(): +static void +print_ht(gpointer key, gpointer value, gpointer unused) +{ + g_printerr ("key=%s\t value=%s\n", (char *)key, (char *)value); +} + static void keyring_find_secrets_cb (GObject *source, GAsyncResult *result, gpointer user_data) @@ -362,11 +368,44 @@ keyring_find_secrets_cb (GObject *source, secret = secret_item_get_secret (item); if (secret) { + g_printerr ("locked: %d %d\n", secret_item_get_locked (item), + secret_value_get (secret, NULL) ? 1 : 0); + g_printerr ("secret: %s\n", secret_value_get (secret, NULL)); attributes = secret_item_get_attributes (item); + g_hash_table_foreach (attributes, print_ht, NULL); + key_name = g_hash_table_lookup (attributes, KEYRING_SK_TAG); Then open some test connection in the nm-connection-editor. First time when keyring is locked (I need to enter a password for keyring): locked: 0 1 secret: 12345 key=gkr:compat:hashed:connection-uuid value=daadfd7e86bf954e22801db8136937ca key=gkr:compat:hashed:setting-key value=24b692eb6c30630a262937abc1e25192 key=gkr:compat:hashed:setting-name value=d4e1f4563c931c53dba89c06acb04541 key=gkr:compat:hashed:xdg:schema value=ec1bf9e891d588ba34f4d1227c6463ee key=xdg:schema value=org.freedesktop.Secret.Generic Here '12345' is valid secret for this connection, but attributes wrong and "Key" field in the nm-connection-editor is empty. Second time when keyring unlocked already: locked: 0 1 secret: 12345 key=xdg:schema value=org.freedesktop.NetworkManager.Connection key=setting-name value=802-11-wireless-security key=setting-key value=wep-key0 key=connection-uuid value=b3e834af-03a9-43f9-a0dd-4c33c6045b38 And in this case all works fine. Seems like bug in the libsecret for me, not in the nm-applet itself. But I know little about libsecret, so I hoped that someone with more knowledge can reproduce this problem and fill a bug if necessary.