Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-898

Segment fault when two users race on same connection

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 1.0.0
    • None
    • libguac, RDP, SSH, VNC
    • None

    Description

      The VNC/RDP and SSH plugins all create a display/term in connection owner guac_vnc_client_thread/guac_rdp_client_thread and ssh_client_thread thread.

      However, the client->display or client->term is immediately used in non-owner threads.

      If two users are racing on the same connection and the client->display or client->term is not ready for the non-owner, then:

      guac_common_display_dup(vnc_client->display, user, user->socket);

      or

      guac_common_display_dup(rdp_client->display, user, user->socket);

       or

      guac_terminal_dup(ssh_client->term, user, user->socket);

      can result in segment fault because the display/term pointer can still be a NULL pointer.

      Here is a stack trace:

      Program received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7ff9c2fad700 (LWP 9)]
      0x00007ff9cbcd1cc0 in pthread_mutex_lock () from /lib64/libpthread.so.0
      Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-13.el7.x86_64 cairo-1.15.12-4.el7.x86_64 dbus-libs-1.10.24-13.el7_6.x86_64 elfutils-libelf-0.176-2.el7.x86_64 elfutils-libs-0.176-2.el7.x86_64 expat-2.1.0-10.el7_3.x86_64 flac-libs-1.3.0-5.el7_1.x86_64 fontconfig-2.13.0-4.3.el7.x86_64 freetype-2.8-14.el7.x86_64 glibc-2.17-292.el7.x86_64 gmp-6.0.0-15.el7.x86_64 gnutls-3.3.29-9.el7_6.x86_64 gsm-1.0.13-11.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-37.el7_7.2.x86_64 libICE-1.0.9-9.el7.x86_64 libSM-1.2.2-2.el7.x86_64 libX11-1.6.7-2.el7.x86_64 libXau-1.0.8-2.1.el7.x86_64 libXext-1.3.3-3.el7.x86_64 libXi-1.7.9-1.el7.x86_64 libXrender-0.9.10-1.el7.x86_64 libXtst-1.2.3-1.el7.x86_64 libasyncns-0.8-7.el7.x86_64 libattr-2.4.46-13.el7.x86_64 libcap-2.22-10.el7.x86_64 libcom_err-1.42.9-16.el7.x86_64 libffi-3.0.13-18.el7.x86_64 libgcc-4.8.5-39.el7.x86_64 libgcrypt-1.5.3-14.el7.x86_64 libglvnd-1.0.1-0.8.git5baa1e5.el7.x86_64 libglvnd-egl-1.0.1-0.8.git5baa1e5.el7.x86_64 libglvnd-glx-1.0.1-0.8.git5baa1e5.el7.x86_64 libgpg-error-1.12-3.el7.x86_64 libjpeg-turbo-1.2.90-8.el7.x86_64 libogg-1.3.0-7.el7.x86_64 libpng-1.5.13-7.el7_2.x86_64 libselinux-2.5-14.1.el7.x86_64 libsndfile-1.0.25-10.el7.x86_64 libtasn1-4.10-1.el7.x86_64 libuuid-2.23.2-61.el7.x86_64 libvncserver-0.9.9-13.el7_6.x86_64 libvorbis-1.3.3-8.el7.1.x86_64 libwebp-0.3.0-7.el7.x86_64 libxcb-1.13-1.el7.x86_64 lz4-1.7.5-3.el7.x86_64 lzo-minilzo-2.06-8.el7.x86_64 nettle-2.7.1-8.el7.x86_64 openssl-libs-1.0.2k-19.el7.x86_64 p11-kit-0.23.5-3.el7.x86_64 pcre-8.32-17.el7.x86_64 pixman-0.34.0-1.el7.x86_64 pulseaudio-libs-10.0-5.el7.x86_64 systemd-libs-219-67.el7_7.2.x86_64 tcp_wrappers-libs-7.6-77.el7.x86_64 uuid-1.6.2-26.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-18.el7.x86_64
      (gdb) bt
      #0  0x00007ff9cbcd1cc0 in pthread_mutex_lock () from /lib64/libpthread.so.0
      #1  0x00007ff9c05a0bd3 in guac_common_display_dup (display=0x0, user=user@entry=0x7ff9900008c0, socket=0x7ff990000b60) at display.c:169
      #2  0x00007ff9c059fbd7 in guac_vnc_user_join_handler (user=0x7ff9900008c0, argc=<optimized out>, argv=0x7ff9900048a0) at user.c:87
      #3  0x00007ff9cbeeafc8 in guac_client_add_user (client=client@entry=0x7ff9a4000bb0, user=user@entry=0x7ff9900008c0, argc=22, argv=<optimized out>)
          at client.c:307
      #4  0x00007ff9cbef2311 in guac_user_handle_connection (user=0x7ff9900008c0, usec_timeout=15000000) at user-handshake.c:414
      (gdb)
      

      Attachments

        Activity

          People

            Unassigned Unassigned
            changkun Changkun Ou
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: