[ https://issues.apache.org/jira/browse/GUACAMOLE-1555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Couchman updated GUACAMOLE-1555:
-------------------------------------
    Priority: Minor  (was: Major)

> guacd_log() may trigger a segfault in connection cleanup phase
> --------------------------------------------------------------
>
>                 Key: GUACAMOLE-1555
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1555
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacd
>         Environment: guacamole-server-1.4.0 with a customized rdp protocol plugin
>            Reporter: Sami Pönkänen
>            Priority: Minor
>
> If a guacamole protocol plugin initializes syslog by calling openlog() with a
> non-NULL ident string, then any calls from guacd to syslog() happening after
> the plugin has been unloaded may trigger a segfault.
>
> An example gdb backtrace of such a segfault:
>
> {code:java}
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff32a5700 (LWP 4585)]
> __strlen_sse2 () at ../sysdeps/x86_64/strlen.S:31
> 31      movdqu (%rdi), %xmm1
> Missing separate debuginfos, use: debuginfo-install...
> (gdb) bt
> #0  __strlen_sse2 () at ../sysdeps/x86_64/strlen.S:31
> #1  0x00007ffff6157805 in __GI_fputs_unlocked (str=0x7ffff283402c <Address 0x7ffff283402c out of bounds>, fp=fp@entry=0x7fffec011630)
>     at iofputs_u.c:34
> #2  0x00007ffff61d65d8 in __GI___vsyslog_chk (pri=<optimized out>, flag=flag@entry=-1, fmt=0x5f300f "%s", ap=ap@entry=0x7ffff32a4238)
>     at ../misc/syslog.c:205
> #3  0x00007ffff61d6aaf in __syslog (pri=<optimized out>, fmt=<optimized out>)
>     at ../misc/syslog.c:117
> #4  0x0000000000407242 in vguacd_log (level=GUAC_LOG_DEBUG, format=0x5f3298 "Client terminated successfully.", args=0x7ffff32a4b68)
>     at log.c:89
> #5  0x0000000000407315 in guacd_log (level=GUAC_LOG_DEBUG, format=0x5f3298 "Client terminated successfully.") at log.c:100
> #6  0x0000000000407ab6 in guacd_exec_proc (proc=0x7fffec00ae20, protocol=0x7fffec002de3 "rdp") at proc.c:363
> #7  0x0000000000407cde in guacd_create_proc (protocol=0x7fffec002de3 "rdp")
>     at proc.c:443
> #8  0x000000000040663e in guacd_route_connection (map=0x7ffff7ee2010, socket=0x7fffec0008c0) at connection.c:301
> #9  0x0000000000406846 in guacd_connection_thread (data=0x10d36d0) at connection.c:396
> #10 0x00007ffff720bea5 in start_thread (arg=0x7ffff32a5700) at pthread_create.c:307
> #11 0x00007ffff61dc9fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
> {code}
>
> In guacamole-server-1.4.0 all potentially crashing guacd_log() calls are in
> function guacd_exec_proc() in src/guacd/proc.c after line 358, in other words
> all calls after the guacd protocol plugin has been unloaded.
>
> The issue can be fixed by calling openlog() again in src/guacd/proc.c on line
> 355.

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
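The bug class behind this report is that glibc's openlog() keeps the ident pointer it is given rather than copying the string (openlog(3) documents this), so an ident that lives inside a plugin's memory dangles once the plugin is unloaded and the next syslog() call reads freed memory. The C program below is an added illustration, not guacamole-server code: the names (host_ident, plugin_load, plugin_unload_unsafe, plugin_unload_safe) are hypothetical, and plugin unloading is simulated with a heap buffer that is freed, standing in for the plugin's read-only data disappearing at dlclose(). The "safe" path applies the mitigation the reporter proposes: the host re-runs openlog() with an ident it owns in static storage before any further logging.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>

/* Ident owned by the host process. Static storage lives as long as the
 * process, so syslog() can always dereference this pointer safely. */
static const char host_ident[] = "guacd-example";   /* constructed name */

/* Pointer most recently handed to openlog(); tracked here so the program
 * can report whether it is still valid memory. */
static const char *current_ident = NULL;

/* Heap buffer standing in for the plugin's own memory. */
static char *loaded_plugin_ident = NULL;

static void register_ident(const char *ident) {
    openlog(ident, LOG_PID, LOG_DAEMON);
    current_ident = ident;
}

/* Returns 1 if syslog() would dereference the host's own static ident,
 * 0 if it still points into plugin-owned memory. */
int ident_is_safe(void) {
    return current_ident == host_ident;
}

/* Simulated plugin load: the plugin calls openlog() with a string that
 * lives in memory the plugin owns. Returns 1 on success. */
int plugin_load(void) {
    loaded_plugin_ident = strdup("rdp-plugin");   /* constructed name */
    if (loaded_plugin_ident == NULL)
        return 0;
    register_ident(loaded_plugin_ident);
    return 1;
}

/* Unload without re-registering: reproduces the reported bug class.
 * After this returns, the pointer held inside syslog dangles. */
int plugin_unload_unsafe(void) {
    free(loaded_plugin_ident);
    loaded_plugin_ident = NULL;
    return ident_is_safe();   /* 0: any later syslog() is a use-after-free */
}

/* Unload with the mitigation: hand syslog a host-owned ident first, then
 * release the plugin's memory. No window exists in which syslog holds a
 * pointer into memory the host does not control. */
int plugin_unload_safe(void) {
    register_ident(host_ident);
    free(loaded_plugin_ident);
    loaded_plugin_ident = NULL;
    return ident_is_safe();   /* 1 */
}

int main(void) {
    register_ident(host_ident);
    plugin_load();
    printf("unsafe unload, ident safe = %d\n", plugin_unload_unsafe());
    /* Deliberately no syslog() here: that call would be the crash. */

    register_ident(host_ident);
    plugin_load();
    printf("safe unload,   ident safe = %d\n", plugin_unload_safe());
    syslog(LOG_DEBUG, "Client terminated successfully.");   /* safe now */
    closelog();
    return 0;
}
```

The ordering in plugin_unload_safe() matters: re-registering before freeing means there is never a moment at which syslog holds a pointer to released memory, whereas freeing first and re-registering afterwards (the fix as described in the report) is also sound only as long as nothing logs in between.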