Bug 775309 - Crash in gdbusauth
Status: RESOLVED FIXED
Product: glib
Classification: Platform
Component: gdbus
Version: unspecified
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: gtkdev
QA Contact: gtkdev
Reported: 2016-11-29 10:53 UTC by Ignacio Casal Quinteiro (nacho)
Modified: 2016-11-29 22:22 UTC
GNOME target: ---
GNOME version: ---


Attachments
gdbusauth: fix crash when server data send returns NULL (2.38 KB, patch)
2016-11-29 19:42 UTC, Ignacio Casal Quinteiro (nacho)
committed

Description Ignacio Casal Quinteiro (nacho) 2016-11-29 10:53:09 UTC
This seems to happen on Windows under some specific circumstances, but it could also happen on any platform.

As you can see in the call stack, we end up calling hexencode with a NULL string. Clearly _g_dbus_auth_mechanism_server_data_send might return NULL and this case is not handled.

Callstack:

 	gio-2.0.dll!hexencode(const char * str) Line 424	C
>	gio-2.0.dll!_g_dbus_auth_run_server(_GDBusAuth * auth, _GDBusAuthObserver * observer, const char * guid, int allow_anonymous, GDBusCapabilityFlags offered_capabilities, GDBusCapabilityFlags * out_negotiated_capabilities, _GCredentials * * out_received_credentials, _GCancellable * cancellable, _GError * * error) Line 1213	C
 	gio-2.0.dll!initable_init(_GInitable * initable, _GCancellable * cancellable, _GError * * error) Line 2533	C
 	gio-2.0.dll!g_initable_new_valist(unsigned __int64 object_type, const char * first_property_name, char * var_args, _GCancellable * cancellable, _GError * * error) Line 228	C
 	gio-2.0.dll!g_initable_new(unsigned __int64 object_type, _GCancellable * cancellable, _GError * * error, const char * first_property_name, ...) Line 152	C
 	gio-2.0.dll!g_dbus_connection_new_sync(_GIOStream * stream, const char * guid, GDBusConnectionFlags flags, _GDBusAuthObserver * observer, _GCancellable * cancellable, _GError * * error) Line 2785	C
 	gio-2.0.dll!on_run(_GSocketService * service, _GSocketConnection * socket_connection, _GObject * source_object, void * user_data) Line 982	C
 	gobject-2.0.dll!0000009c4ed8c633()	Unknown
 	gobject-2.0.dll!0000009c4ed8c309()	Unknown
 	gobject-2.0.dll!0000009c4ed67266()	Unknown
 	gobject-2.0.dll!0000009c4ed65abb()	Unknown
 	gobject-2.0.dll!0000009c4ed7a8ac()	Unknown
 	gobject-2.0.dll!0000009c4ed7b1e8()	Unknown
 	gio-2.0.dll!g_threaded_socket_service_func(void * _data, void * user_data) Line 90	C
 	glib-2.0.dll!0000009c4ec7a3da()	Unknown
 	glib-2.0.dll!0000009c4ec79c4a()	Unknown
 	glib-2.0.dll!0000009c4eca45c9()	Unknown
 	[External Code]	

Small IRC script:

<nacho> alex, so if sha1 can return null in some case we should at least deal with that case
<alex> true
<alex> in that case it sets the new state to G_DBUS_AUTH_MECHANISM_STATE_REJECTED
<alex> so it's probably fine to just do nothing if it returns null
Comment 1 Ignacio Casal Quinteiro (nacho) 2016-11-29 19:42:09 UTC
Created attachment 340992
gdbusauth: fix crash when server data send returns NULL

_g_dbus_auth_mechanism_server_data_send may fail, in which case
we would end up getting NULL data. In this case we should not
try to encode the data and simply let the state machine continue.
The auth mechanism will change internally to REJECTED so we just
need to continue the iteration.
Comment 2 Matthias Clasen 2016-11-29 20:14:17 UTC
Review of attachment 340992:

looks good to me
Comment 3 Ignacio Casal Quinteiro (nacho) 2016-11-29 22:22:44 UTC
Attachment 340992 pushed as 463a863 - gdbusauth: fix crash when server data send returns NULL
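
The failure mode discussed in this report, as an added C example that is not part of the bug report and is not GLib's code: a simplified model of one server-side auth iteration in which the data-send step can return NULL and move the mechanism to REJECTED. All type and function names, the sample payload and the simplified `DATA`/`REJECTED` reply lines are assumptions made for illustration.

```c
/* Simplified model with hypothetical names; not GLib source. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef enum { HAVE_DATA_TO_SEND, WAITING_FOR_DATA, REJECTED } MechState;
typedef struct { MechState state; int fail_send; } Mech;

/* Stand-in for the mechanism's data-send step: on failure it moves to
 * REJECTED and returns NULL, the case described in the report. */
static const char *mech_data_send(Mech *m) {
    if (m->fail_send) { m->state = REJECTED; return NULL; }
    m->state = WAITING_FOR_DATA;
    return "challenge";               /* constructed sample payload */
}

/* Like the crashing frame, this dereferences str unconditionally,
 * so the caller must never pass NULL. */
static char *hex_encode(const char *str) {
    size_t n = strlen(str);
    char *out = calloc(2 * n + 1, 1);
    if (!out) return NULL;
    for (size_t i = 0; i < n; i++)
        sprintf(out + 2 * i, "%02x", (unsigned char)str[i]);
    return out;
}

/* One server iteration with the guard: encode only when data exists,
 * otherwise let the REJECTED state produce the reply. */
MechState server_step(Mech *m, char *line, size_t len) {
    line[0] = '\0';
    if (m->state == HAVE_DATA_TO_SEND) {
        const char *data = mech_data_send(m);
        if (data != NULL) {           /* without this check: strlen(NULL) */
            char *hex = hex_encode(data);
            if (hex) snprintf(line, len, "DATA %s\r\n", hex);
            free(hex);
        }
    }
    if (m->state == REJECTED) snprintf(line, len, "REJECTED\r\n");
    return m->state;
}

int main(void) {
    char line[64];
    for (int fail = 0; fail <= 1; fail++) {
        Mech m = { HAVE_DATA_TO_SEND, fail };
        server_step(&m, line, sizeof line);
        printf("fail_send=%d -> %s", fail, line);
    }
    return 0;
}
```

Removing the `data != NULL` check reproduces the reported pattern: the encoder is handed NULL on the failure path instead of the state machine handling the rejection.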