Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-1140

Starting/joining an RDP connection may segfault depending on timing of underlying RDP/SFTP connection(s)

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Blocker
    • Resolution: Fixed
    • 1.2.0, 1.5.4
    • 1.5.5
    • RDP
    • None

    Description

      If a user joins an RDP connection leveraging Guacamole's session sharing functionality, but the underlying connection to the RDP server has not yet been established, a segfault may occur while handling the join operation:

      #1  0x000055da270e5de9 in guac_common_list_lock (list=<optimized out>) at list.c:75
#2  0x00007f8bb956c5cb in guac_rdp_pipe_svc_send_pipes (user=user@entry=0x7f8bac00d5e0) at channels/pipe-svc.c:49
#3  0x00007f8bb957a0cb in guac_rdp_user_join_handler (user=0x7f8bac00d5e0, argc=<optimized out>, argv=<optimized out>) at user.c:92
#4  0x00007f8bbb1d134a in guac_client_add_user (client=client@entry=0x7f8b280060e0, user=user@entry=0x7f8bac00d5e0, argc=argc@entry=76,
    argv=<optimized out>) at client.c:286
#5  0x00007f8bbb1d8bea in guac_user_handle_connection (user=user@entry=0x7f8bac00d5e0, usec_timeout=usec_timeout@entry=15000000)
    at user-handshake.c:337
#6  0x000055da270e5a96 in guacd_user_thread (data=0x7f8b280ad010) at proc.c:98
#7  0x00007f8bbade2fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
#8  0x00007f8bba71f4cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      This is because the relevant structure (rdp_client->available_svc) is not actually allocated until later in the RDP-specific connection initialization process, which occurs in its own thread spawned by the connection owner. If that allocation has not yet occurred, the attempt to synchronize the newly-joined user with the current session state will result in a segfault.

      Original context:

      I am running guacd from docker on an Ubuntu 20.04 host. Connections to guacd are from a custom backend using the official guacamole-common 1.1.0 maven artifact with a websocket.

      To demonstrate stuff (teaching) multiple connections (10-12) are opened as shared sessions with the read-only property set after a leading session is opened and the connection id is propagated. The shared connections are all opened simultaneously - and closed (more or less) simultaneously, often together with the leading session.

      Shared drive is disabled.

      Most of the time it works flawlessly, until guacd segfaults.

      Attachments

        1. core.lzma
          1.58 MB
          Thomas Kruse

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. GUACAMOLE-1890 Segfault in RDP Connection Pending Join Handler

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. GUACAMOLE-1846 Race condition can cause the first user for a connection to miss updates

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              vnick Nick Couchman
              everflux Thomas Kruse
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: