Bug 775890 - Fix crash when passing empty hostname to vnc_connection_open_host
Status: RESOLVED FIXED
Product: gtk-vnc
Classification: Other
Component: general
Assigned To: gtk-vnc-maint
Reported: 2016-12-09 15:39 UTC by Christophe Fergeau
Modified: 2017-02-14 09:25 UTC
Attachments
Avoid crash if attempt to connect to an invalid host or port (2.03 KB, patch)
2016-12-09 15:39 UTC, Christophe Fergeau
Add preconditions to VncDisplay public methods (4.39 KB, patch)
2016-12-09 15:39 UTC, Christophe Fergeau
README: Update URL to home page (658 bytes, patch)
2016-12-09 15:39 UTC, Christophe Fergeau

Description Christophe Fergeau 2016-12-09 15:39:38 UTC
https://bugzilla.redhat.com/show_bug.cgi?id=1378031 describes a crash
with remote-viewer vnc:foo:1 which can be avoided with more careful checks on
input parameters in gtk-vnc.
Comment 1 Christophe Fergeau 2016-12-09 15:39:41 UTC
Created attachment 341680
Avoid crash if attempt to connect to an invalid host or port

If vnc_display_open_host() is called with a NULL port or host,
vnc_connection_open_host_internal() will eventually crash.
This commit adds runtime checks to return early with
g_return_val_if_fail() when this happens rather than
crashing.

 #0  0x00007ffff37de3d3 in __strchr_sse2 () at ../sysdeps/x86_64/strchr.S:32
 #1  0x00007ffff4661a17 in g_inet_socket_address_new_from_string (address=0x0, port=0)
     at ginetsocketaddress.c:416
 #2  0x00007ffff466b784 in g_network_address_parse_sockaddr (addr=addr@entry=0x969f50 [GNetworkAddress])
     at gnetworkaddress.c:245
 #3  0x00007ffff466ba94 in g_network_address_address_enumerator_next (enumerator=0x972ca0 [GNetworkAddressAddressEnumerator], cancellable=0x0, error=<optimized out>) at gnetworkaddress.c:919
 #4  0x00007ffff727130b in vnc_connection_open_host_internal (conn=0x99bbf0 [VncConnection])
     at vncconnection.c:5395
 #5  0x00007ffff7271523 in vnc_connection_coroutine (opaque=0x99bbf0) at vncconnection.c:5448
 #6  0x00007ffff7272e54 in coroutine_trampoline (cc=0x998080) at coroutine_ucontext.c:55
 #7  0x00007ffff7272b65 in continuation_trampoline (i0=10059904, i1=0) at continuation.c:43
 #8  0x00007ffff379dc00 in __start_context () at /lib64/libc.so.6
 #9  0x0000000000998448 in  ()
 #10 0x0000000000000000 in  ()
Comment 2 Christophe Fergeau 2016-12-09 15:39:46 UTC
Created attachment 341681
Add preconditions to VncDisplay public methods

This should catch invalid arguments being passed to these. This required
moving the VncDisplayPrivate *priv = display->priv; assignment as the
VNC_IS_DISPLAY(display) check is also a NULL check which we want to
happen before dereferencing it.
Comment 3 Christophe Fergeau 2016-12-09 15:39:50 UTC
Created attachment 341682
README: Update URL to home page

The old page no longer seems to exist in GNOME's wiki.
Comment 4 Daniel P. Berrange 2017-02-08 12:37:32 UTC
Thanks, applied all patches to git master.
Comment 5 Daniel P. Berrange 2017-02-14 09:25:28 UTC
Fixed in 0.7.0 release
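
The pattern the two code patches in this report describe, as an added example that is not gtk-vnc's code: arguments are validated before the private pointer is read and before the host string reaches strchr(). The names Display, DisplayPrivate, display_open_host and RETURN_VAL_IF_FAIL are hypothetical stand-ins; the macro only imitates GLib's g_return_val_if_fail() so the block builds without GLib.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for g_return_val_if_fail(): warn on stderr and return early. */
#define RETURN_VAL_IF_FAIL(expr, val) \
    do { if (!(expr)) { \
        fprintf(stderr, "%s: assertion '%s' failed\n", __func__, #expr); \
        return (val); } } while (0)

/* Hypothetical types: a public object holding a pointer to private state. */
typedef struct { char host[256]; char port[16]; bool host_has_colon; } DisplayPrivate;
typedef struct { DisplayPrivate *priv; } Display;

bool display_open_host(Display *display, const char *host, const char *port)
{
    DisplayPrivate *priv;

    /* Preconditions first: nothing is dereferenced until all of them pass. */
    RETURN_VAL_IF_FAIL(display != NULL, false);
    RETURN_VAL_IF_FAIL(host != NULL, false);
    RETURN_VAL_IF_FAIL(port != NULL, false);

    /* Reading display->priv is only safe after the NULL check above. */
    priv = display->priv;

    /* A NULL host reaching strchr() is the fault seen in frame #0 of the trace. */
    priv->host_has_colon = strchr(host, ':') != NULL;
    snprintf(priv->host, sizeof priv->host, "%s", host);
    snprintf(priv->port, sizeof priv->port, "%s", port);
    return true;
}

int main(void)
{
    DisplayPrivate p = {0};          /* constructed sample state */
    Display d = { &p };
    printf("NULL host accepted:  %d\n", display_open_host(&d, NULL, "5901"));
    printf("valid host accepted: %d\n", display_open_host(&d, "foo", "5901"));
    return 0;
}
```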