https://bugs.kde.org/show_bug.cgi?id=408137

            Bug ID: 408137
           Summary: QCA::TLS handshaken is emitted with a broken
                    certificate instance leading to a crash
           Product: qca
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: dr...@land.ru
          Reporter: rion...@gmail.com
                CC: br...@frogmouth.net, jus...@karneges.com
  Target Milestone: ---

The above was noticed with the Psi instant messenger on wakeup from sleep.
On handshaken() it tries to call tls->peerCertificateChain().primary();
and crashes in the copy constructor of QCA::Certificate:

#6  0x00007f29cb340af9 in QCA::Algorithm::operator=(QCA::Algorithm const&) () from /usr/lib/libqca-qt5.so.2
#7  0x00007f29cb341d35 in QCA::Algorithm::Algorithm(QCA::Algorithm const&) () from /usr/lib/libqca-qt5.so.2
#8  0x00007f29cb32f502 in QCA::Certificate::Certificate(QCA::Certificate const&) () from /usr/lib/libqca-qt5.so.2
#9  0x00005630b910b153 in CertificateHelpers::checkCertificate(QCA::TLS*, XMPP::QCATLSHandler*, QString&, QByteArray&, QObject*, QString const&, QString const&) ()
#10 0x00005630b8d42f62 in PsiAccount::tls_handshaken() ()
#11 0x00005630b8c8ca07 in ?? ()
#12 0x00007f29c33981d7 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5
#13 0x00007f29c33981d7 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5
#14 0x00007f29cb372522 in QCA::TLS::Private::processNextAction() () from /usr/lib/libqca-qt5.so.2
#15 0x00007f29cb36c776 in ?? () from /usr/lib/libqca-qt5.so.2
#16 0x00007f29c33981d7 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5
#17 0x00007f29c3398a3b in QObject::event(QEvent*) () from /usr/lib/libQt5Core.so.5
#18 0x00007f29c3898da4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#19 0x00007f29c38a03c1 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#20 0x00007f29c336d849 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#21 0x00007f29c33c1d15 in QTimerInfoList::activateTimers() () from /usr/lib/libQt5Core.so.5

Assuming the certificate chain can't be empty in this case, it's likely the
chain has a certificate with some dangling pointers.
Note that Psi handles this in the same thread and there is no
Qt::QueuedConnection (it's visible from the stack above).

I currently can't provide more details except that it happened on Manjaro Linux
18.0.4.
