[Pkg-silc-devel] Bug#482145: FW: [PATCH] Fix for crash on expired keyboard_redirect prompt (i.e. crash on confirm server key change after disconnect from server)

Skywing Skywing at valhallalegends.com
Sun Nov 9 07:12:25 UTC 2008


Forwarding this on to the debian bug tracking system, as there’s now a patch available (upstream has been notified and asked to integrate it, but they haven’t checked mail yet today).

You can git pull the patch using the information specified below from valera’s git daemon.

- S

From: silc-devel-bounces at lists.silcnet.org [mailto:silc-devel-bounces at lists.silcnet.org] On Behalf Of Skywing
Sent: Saturday, November 08, 2008 7:17 PM
To: silc-devel at lists.silcnet.org
Cc: Kp
Subject: [PATCH] Fix for crash on expired keyboard_redirect prompt (i.e. crash on confirm server key change after disconnect from server)

Hello,

The following changes ( available for git pulling @ git://valera-ext.nynaeve.net/silc.git ) fix the problem where an expired keyboard_redirect prompt (e.g. to confirm a server key change) crashes the silc client due to use after free.  The fix did require substantial reworking of how keyboard redirection works in the silc irssi frontend / silc irssi plugin, as they’re now wrapped in a silc_async wrapper.

I left the initial prompt for private key passphrase at boot time alone, since it doesn’t really have a problem with expiration due to the nature of it.

If a keyboard prompt request is made while a stale prompt is still pending, the new request is denied.  Until the irssi folks fix their keyboard_input_redirect API, this is the best we can do, as there’s no way to cancel a pending keyboard_input_redirect call, and making a new such request while a previous one was pending is a memory leak.

A more elegant solution would have been to cancel the outstanding keyboard_input_redirect request, but that requires major changes to how irssi’s keyboard input redirect pluggable system works, so this will have to do for now.  (A bug about that API being kinda broken by design has been entered in irssi’s bug tracking system.)

--

commit 5e7b2671da238a39001d1c4eb79f87ac56c2add2
Author: Skywing <skywing at valhallalegends.com>
Date:   Sat Nov 8 17:54:03 2008 -0500

    Fix crash on expired keyboard prompts



The following commits are also recommended to be included if they’re not already:


commit 9ada9d21e5378510e745b837035eac5b7b73d14c
Author: Skywing <skywing at valhallalegends.com>
Date:   Sat Jun 28 00:21:51 2008 -0500

    Add reference counting to SilcClientEntry/SilcServerEntry for getkey response.

    This is necessary in case the entry goes away before the user responds to the
    keyboard input request.  (Fix for getkey crash if a user logs off before one
    responds to the getkey prompt.)

commit 6fbdb9acb4b8f4f90632c5b317c4daf81f7b2ec4
Author: Skywing <skywing at valhallalegends.com>
Date:   Sat Jun 28 00:12:18 2008 -0500

    Fix initialization/deinitialization of various Silc*Entry objects.

    A number of init/deinit cases were failing to clean up
    certain resources.

commit 9145000948d0df9c9db99beb8d2f0855ba88e40c
Author: Skywing <skywing at valhallalegends.com>
Date:   Fri Jun 27 23:44:03 2008 -0500

    Fix reference counting for SilcServerEntry objects,

    analogous to the previous fixes for the broken
    reference counting for SilcChannelEntry and
    SilcClientEntry objects.

- S
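
An added illustration, not part of the original message and not SILC or irssi code: a minimal C model of the approach described above, in which a prompt that cannot be cancelled is detached from its requester on abort, a late answer is dropped without touching freed state, and a new request is denied while the stale one is pending. All names (Prompt, prompt_request, prompt_abort, prompt_deliver, Conn) are hypothetical.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model (not SILC or irssi code): the frontend holds one input
   redirect, and a registered redirect cannot be cancelled. */
typedef void (*prompt_cb)(const char *line, void *owner);
typedef struct {
    prompt_cb done;  /* requester's completion callback */
    void *owner;     /* requester state; may be freed before input arrives */
    bool aborted;    /* set when the requester went away (e.g. disconnect) */
} Prompt;
static Prompt *pending;  /* the single outstanding redirect, or NULL */
/* Denied while any prompt, even a stale one, is still registered: replacing
   it would leak the old context. */
Prompt *prompt_request(prompt_cb done, void *owner) {
    if (pending) return NULL;
    Prompt *p = calloc(1, sizeof *p);
    if (!p) return NULL;
    p->done = done;
    p->owner = owner;
    return pending = p;
}
/* Requester is going away: detach it, but leave the context allocated
   because the frontend still points at it. */
void prompt_abort(Prompt *p) { p->aborted = true; p->owner = NULL; }
/* User input arrives. Returns true if a live requester was called, false if
   the prompt had expired. Only this path frees the context. */
bool prompt_deliver(const char *line) {
    Prompt *p = pending;
    if (!p) return false;
    pending = NULL;
    bool live = !p->aborted;
    if (live) p->done(line, p->owner);
    free(p);
    return live;
}
/* Constructed requester: a connection waiting on a key-change confirmation. */
typedef struct { bool accepted; } Conn;
void on_answer(const char *line, void *owner) {
    ((Conn *)owner)->accepted = strcmp(line, "y") == 0;
}
int main(void) {
    Conn *c = calloc(1, sizeof *c);
    Prompt *p = c ? prompt_request(on_answer, c) : NULL;
    if (!p) { free(c); return 1; }
    prompt_abort(p);  /* disconnect while the prompt is still open */
    free(c);
    bool denied = prompt_request(on_answer, NULL) == NULL;
    return (denied && !prompt_deliver("y")) ? 0 : 1;  /* late answer ignored */
}
```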