Bug 586192 - gnome-keyring-daemon crashes when trying to decrypt SSH key
Status: RESOLVED FIXED
Product: gnome-keyring
Classification: Core
Component: general
Version: 2.26.x
Hardware: Other All
Importance: Normal critical
Target Milestone: ---
Assigned To: GNOME keyring maintainer(s)
QA Contact: GNOME keyring maintainer(s)
Duplicates: 588443
Depends on:
Blocks:
 
 
Reported: 2009-06-18 04:16 UTC by Ryan Beasley
Modified: 2009-07-21 13:45 UTC
See Also:
GNOME target: ---
GNOME version: 2.25/2.26


Attachments
Call egg_secure_free instead of gcry_free. (420 bytes, patch)
2009-06-18 04:18 UTC, Ryan Beasley
committed

Description Ryan Beasley 2009-06-18 04:16:40 UTC
Steps to reproduce:
1. In a terminal, `eval gnome-keyring-daemon --start`.
2. ssh somehost
3. Kaboom.


Stack trace:
Program received signal SIGABRT, Aborted.

Thread 140593057438032 (LWP 1029)

  • #0 raise
    from /lib/libc.so.6
  • #1 abort
    from /lib/libc.so.6
  • #2 ??
    from /lib/libc.so.6
  • #3 ??
    from /lib/libc.so.6
  • #4 free
    from /lib/libc.so.6
  • #5 load_encrypted_key
  • #6 parsed_pem_block
  • #7 egg_openssl_pem_parse
  • #8 gck_ssh_openssh_parse_private_key
  • #9 unlock_private_key
  • #10 realize_and_take_data
  • #11 gck_ssh_private_key_parse

Other information:
This is on an amd64 host w/ a DSA key.

The problem is that gcry_free() is the wrong free routine to call from load_secure_key().  "decrypted" was allocated from gnome-keyring's own secure memory pool, and so it should call egg_memory_free instead.

--- gnome-keyring-2.26.1/pkcs11/ssh-store/gck-ssh-openssh.c.orig	2009-03-02 07:43:12.000000000 -0800
+++ gnome-keyring-2.26.1/pkcs11/ssh-store/gck-ssh-openssh.c	2009-06-17 20:41:05.000000000 -0700
@@ -176,7 +176,7 @@
 	
 	/* Try to parse */
 	ret = gck_data_der_read_private_key (decrypted, n_decrypted, skey);
-	gcry_free (decrypted);
+	egg_secure_free (decrypted);
 
 	if (ret != GCK_DATA_UNRECOGNIZED)
 		return ret;
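Review bot: at the replaced gcry_free (decrypted) line, the allocation of decrypted is outside this hunk, so the pairing with egg_secure_free cannot be checked from the diff alone; please confirm that every other exit path between that allocation and this line releases the buffer with the same secure free, and consider a one-line comment here saying that decrypted comes from the secure pool. The report text also names egg_memory_free and load_secure_key(), while the hunk calls egg_secure_free and the trace shows load_encrypted_key, so the commit message should use the names that appear in the code.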
Comment 1 Ryan Beasley 2009-06-18 04:18:21 UTC
Created attachment 136888
Call egg_secure_free instead of gcry_free.
Comment 2 Stef Walter 2009-06-26 14:42:56 UTC
Awesome, thanks for the patch. The patch is correct, but I'm not super clear on why the crash happened. It must have occurred in a strange scenario where secure memory wasn't available. 

Committed to gnome-keyring. Will be included in the 2.26.3 and later releases.
Comment 3 Stef Walter 2009-07-21 13:45:16 UTC
*** Bug 588443 has been marked as a duplicate of this bug. ***
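
The allocator/deallocator mismatch described in this report, as an added C sketch that is not part of the original report or of gnome-keyring's code: a toy arena stands in for the secure memory pool, and pool_owns, pool_alloc and pool_free are hypothetical names. It shows a free routine that checks pointer ownership and wipes pool blocks, instead of handing an arena pointer to libc free(), which is undefined behaviour (the trace above aborts inside free).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for a secure memory pool (hypothetical names, not
 * gnome-keyring's allocator): one static arena, bump-allocated. */
#define POOL_SIZE 4096
#define ALIGN 16
static _Alignas(ALIGN) unsigned char pool[POOL_SIZE];
static size_t pool_used;

/* True when p points inside the arena, i.e. it did not come from malloc(). */
int pool_owns(const void *p)
{
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)pool;
    return a >= base && a < base + POOL_SIZE;
}

/* Allocate n bytes; a header in front records n so the free can wipe it. */
void *pool_alloc(size_t n)
{
    size_t need = ALIGN + (n + ALIGN - 1) / ALIGN * ALIGN;
    if (n > POOL_SIZE || need > POOL_SIZE - pool_used)
        return NULL;
    unsigned char *blk = pool + pool_used;
    memcpy(blk, &n, sizeof n);
    pool_used += need;
    return blk + ALIGN;
}

/* Matching deallocator: dispatches on ownership rather than trusting the
 * caller. Returns 1 if p was pool memory (wiped), 0 if passed to free(). */
int pool_free(void *p)
{
    if (!pool_owns(p)) { free(p); return 0; }
    size_t n;
    memcpy(&n, (unsigned char *)p - ALIGN, sizeof n);
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
    return 1;
}

int main(void)
{
    char *key = pool_alloc(32);   /* plays the role of "decrypted" */
    void *tmp = malloc(32);
    /* Calling free(key) here would give libc a pointer it never allocated. */
    return !(pool_free(key) == 1 && pool_free(tmp) == 0);
}
```

The toy arena never reuses freed blocks; it only demonstrates the ownership check and the wipe.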