reassign 499229 irssi-plugin-otr 0.3-2
thanks

I've been looking at this bug on several occasions, without fully understanding why it ended up being assigned to irssi-plugin-xmpp in the first place. My feeling today is that otr somehow messes with the ssl encryption set up by xmpp / libloudmouth, so that when xmpp tears down its connection, otr somehow accesses and frees invalid (already freed?) memory.

I have been testing the sequence

  /load xmpp
  /xmppconnect [-ssl] user@host passwd
  /load otr
  /quit

When calling /xmppconnect without the -ssl option on a server that doesn't provide STARTTLS (prosody with its certificates disabled), no segfault occurs.

valgrind's memcheck reports:

==25544== Invalid read of size 8
==25544==    at 0xDA418E8: ??? (in /usr/lib/libotr.so.2.2.0)
==25544==    by 0x958F97D: _gcry_free (global.c:868)
==25544==    by 0x90DDF63: _gnutls_cipher_deinit (gnutls_cipher_int.c:147)
==25544==    by 0x90E8524: _gnutls_epoch_free (gnutls_constate.c:786)
==25544==    by 0x90F09B3: gnutls_deinit (gnutls_state.c:399)
==25544==    by 0x8858218: _lm_ssl_close (lm-ssl-gnutls.c:300)
==25544==    by 0x8852D87: connection_do_close (lm-connection.c:514)
==25544==    by 0x8854B32: lm_connection_close (lm-connection.c:1375)
==25544==    by 0x8637298: ??? (in /usr/lib/irssi/modules/libxmpp_core.so)
==25544==    by 0x48E0B9: ??? (in /usr/bin/irssi)
==25544==    by 0x48E56C: signal_emit (in /usr/bin/irssi)
==25544==    by 0x488ECF: server_disconnect (in /usr/bin/irssi)
==25544==  Address 0xaa7cd08 is 8 bytes before a block of size 1,167 alloc'd
==25544==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==25544==    by 0x958E960: do_malloc (global.c:770)
==25544==    by 0x958F888: _gcry_malloc (global.c:792)
==25544==    by 0x958FA6E: _gcry_calloc (global.c:890)
==25544==    by 0x9597A86: _gcry_cipher_open (cipher.c:786)
==25544==    by 0x914C723: wrap_gcry_cipher_init (cipher.c:46)
==25544==    by 0x90DDD7E: _gnutls_cipher_init (gnutls_cipher_int.c:64)
==25544==    by 0x90E7C2D: _gnutls_init_record_state.isra.2 (gnutls_constate.c:299)
==25544==    by 0x90E80DD: _gnutls_epoch_set_keys (gnutls_constate.c:431)
==25544==    by 0x90E86ED: _gnutls_write_connection_state_init (gnutls_constate.c:602)
==25544==    by 0x90D3893: _gnutls_send_handshake_final (gnutls_handshake.c:2888)
==25544==    by 0x90D676B: _gnutls_handshake_common (gnutls_handshake.c:3121)
==25544==
==25544== Invalid free() / delete / delete[] / realloc()
==25544==    at 0x4C27D4E: free (vg_replace_malloc.c:427)
==25544==    by 0x958F97D: _gcry_free (global.c:868)
==25544==    by 0x90DDF63: _gnutls_cipher_deinit (gnutls_cipher_int.c:147)
==25544==    by 0x90E8524: _gnutls_epoch_free (gnutls_constate.c:786)
==25544==    by 0x90F09B3: gnutls_deinit (gnutls_state.c:399)
==25544==    by 0x8858218: _lm_ssl_close (lm-ssl-gnutls.c:300)
==25544==    by 0x8852D87: connection_do_close (lm-connection.c:514)
==25544==    by 0x8854B32: lm_connection_close (lm-connection.c:1375)
==25544==    by 0x8637298: ??? (in /usr/lib/irssi/modules/libxmpp_core.so)
==25544==    by 0x48E0B9: ??? (in /usr/bin/irssi)
==25544==    by 0x48E56C: signal_emit (in /usr/bin/irssi)
==25544==    by 0x488ECF: server_disconnect (in /usr/bin/irssi)
==25544==  Address 0xaa7cd08 is 8 bytes before a block of size 1,167 alloc'd
==25544==    at 0x4C28BED: malloc (vg_replace_malloc.c:263)
==25544==    by 0x958E960: do_malloc (global.c:770)
==25544==    by 0x958F888: _gcry_malloc (global.c:792)
==25544==    by 0x958FA6E: _gcry_calloc (global.c:890)
==25544==    by 0x9597A86: _gcry_cipher_open (cipher.c:786)
==25544==    by 0x914C723: wrap_gcry_cipher_init (cipher.c:46)
==25544==    by 0x90DDD7E: _gnutls_cipher_init (gnutls_cipher_int.c:64)
==25544==    by 0x90E7C2D: _gnutls_init_record_state.isra.2 (gnutls_constate.c:299)
==25544==    by 0x90E80DD: _gnutls_epoch_set_keys (gnutls_constate.c:431)
==25544==    by 0x90E86ED: _gnutls_write_connection_state_init (gnutls_constate.c:602)
==25544==    by 0x90D3893: _gnutls_send_handshake_final (gnutls_handshake.c:2888)
==25544==    by 0x90D676B: _gnutls_handshake_common (gnutls_handshake.c:3121)

I think this interpretation is also supported by the backtraces that Thomas Frauendorfer supplied, so I'm reassigning to irssi-plugin-otr in the hope that David has a better idea what's going on.

BTW there seems to be renewed activity upstream, with David Goulet (https://github.com/dgoulet/irssi-otr) getting in...

Florian
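
Added example, not part of the message above and not code from irssi, libotr, libgcrypt or GnuTLS: a small C model of one mechanism consistent with the trace, in which a block obtained through plain malloc is later released through a free hook that expects a header in front of the block. The 8-byte header, the handler struct and all function names are assumptions made for illustration; the mismatch is computed, never actually executed.

```c
/* Constructed model; every name here is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define HDR 8u  /* assumed header size, matching "8 bytes before a block" */

typedef struct {
    void *(*alloc)(size_t n);
    uintptr_t (*raw_of)(void *user);  /* address this handler passes to free() */
} handlers;

static void *plain_alloc(size_t n) { return malloc(n); }
static uintptr_t plain_raw(void *p) { return (uintptr_t)p; }

/* Wrapper allocator: keeps the length in a header in front of the block. */
static void *hdr_alloc(size_t n) {
    unsigned char *raw = malloc(n + HDR);
    if (raw == NULL) return NULL;
    *(uint64_t *)raw = n;
    return raw + HDR;
}
static uintptr_t hdr_raw(void *p) { return (uintptr_t)p - HDR; }

static const handlers plain = { plain_alloc, plain_raw };
static const handlers with_header = { hdr_alloc, hdr_raw };

/* Returns (address the free hook in force at teardown would release)
 * minus (address malloc really returned). 0 means the free is valid. */
static long teardown_offset(int hooks_installed_after_alloc) {
    handlers cur = hooks_installed_after_alloc ? plain : with_header;
    void *p = cur.alloc(1167);            /* block size taken from the trace */
    if (p == NULL) return 0;
    uintptr_t real = cur.raw_of(p);       /* base under the allocating handler */
    cur = with_header;                    /* hook in force when the session closes */
    long off = (long)((intptr_t)cur.raw_of(p) - (intptr_t)real);
    free((void *)real);                   /* release with the matching base */
    return off;
}

int main(void) {
    printf("hooks installed before allocation: %ld\n", teardown_offset(0));
    printf("hooks installed after allocation:  %ld\n", teardown_offset(1));
    return 0;
}
```

A non-zero offset is the condition memcheck flags as an invalid read followed by an invalid free; in a library with replaceable allocation hooks (libgcrypt exposes gcry_set_allocation_handler() for this), it can only be avoided by installing the hooks before any allocation is made.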