Crash in crypto_cert_subject_alt_name when connecting

Bug #1019252 reported by Kai Pastor
This bug affects 3 people
Affects: freerdp (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone: none listed

Bug Description

Release: Ubuntu 12.04 LTS
Package: libfreerdp1 (1.0.1-1ubuntu2.1)

I observed crashes in crypto_cert_subject_alt_name() when connecting to some hosts with remmina or xfreerdp. The particular DNS name is actually realized by a cluster of machines, and this is reflected in the certificate.

It seems to me that crypto_cert_subject_alt_name(...) allocates memory for "int** lengths" as an array of pointers to integer, but not for the integers themselves. After adding the additional memory allocation, I had no more crashes at that point. (I must admit that I didn't check whether/where the allocated memory gets released.)

Tags: patch
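
The `int**` out-parameter pattern the report describes, written defensively as an added example; it is not FreeRDP's code and not the attached patch. `collect_names` and `free_names` are hypothetical names, and plain C strings stand in for the certificate's subject alternative names.

```c
#include <stdlib.h>
#include <string.h>

/* Release everything collect_names() handed out; safe on NULL. */
void free_names(char **strings, int count, int *lengths)
{
    for (int i = 0; strings != NULL && i < count; i++)
        free(strings[i]);
    free(strings);
    free(lengths);
}

/* Hypothetical helper (not FreeRDP's function): copies n names and returns
 * their lengths through an int** out-parameter. Returns NULL on failure. */
char **collect_names(const char *const *src, int n, int *count, int **lengths)
{
    char **strings = NULL;

    *count = 0;
    *lengths = NULL;
    if (n <= 0)
        return NULL;
    strings = calloc((size_t)n, sizeof(char *));
    /* Storage for the integers themselves, sized with sizeof(int). */
    *lengths = malloc((size_t)n * sizeof(int));
    if (strings == NULL || *lengths == NULL)
        goto fail;
    for (int i = 0; i < n; i++) {
        size_t len = strlen(src[i]);
        strings[i] = malloc(len + 1);
        if (strings[i] == NULL)
            goto fail;
        memcpy(strings[i], src[i], len + 1);
        /* (*lengths)[i] indexes the caller's array; *lengths[i] would
         * parse as *(lengths[i]) and go past the caller's one int *. */
        (*lengths)[i] = (int)len;
        *count = i + 1;
    }
    return strings;
fail:
    free_names(strings, *count, *lengths);
    *count = 0;
    *lengths = NULL;
    return NULL;
}
```

The caller passes the address of an `int *` and releases all three allocations with `free_names` when done, which covers the release question the report leaves open.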
Kai Pastor (dg0yt) wrote :
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "crypto.c.diff" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in freerdp (Ubuntu):
status: New → Confirmed
Michael Gutteridge (michael-gutteridge) wrote :

Also having this issue (seen in remmina or xfreerdp clients). Precise/12.04LTS, libfreerdp 1.0.1-1ubuntu2.1

https://bugs.launchpad.net/ubuntu/+source/remmina/+bug/941107

indicates a workaround: switch to "RDP" for security instead of "negotiate". This works for me.

Kai Pastor (dg0yt) wrote :

It is not clear to me what changing the security means. The bug itself is not necessarily a security issue. The workaround might be. If HTTPS doesn't work, would anyone suggest HTTP for online banking?

It's really time for a maintainer to look at the issue.

Michael Gutteridge (michael-gutteridge) wrote : Re: [Bug 1019252] Re: Crash in crypto_cert_subject_alt_name when connecting

Very true. I just posted quickly this morning to lend some weight to
this bug and at least indicate a workaround.

So, I've read up a little bit and fiddled with the remmina client.
I've found that using NLA authentication causes remmina to segfault.
TLS and RDP both seem to work fine, so there is (I think) a more
secure workaround available in TLS authentication. It's a libfreerdp
issue addressed in this issue:

https://github.com/FreeRDP/FreeRDP/issues/412

Which had a fix similar to your patch. It seems to be in the master
branch, but not their 1.0 stable.

Best

On Tue, Oct 2, 2012 at 8:04 AM, Kai Pastor <email address hidden> wrote:
> It is not clear to me what changing the security means. The bug itself
> is not necessarily a security issue. The workaround might be. If HTTPS
> doesn't work, would anyone suggest HTTP for online banking?
>
> It's really time for a maintainer to look at the issue.

--
Hey! Somebody punched the foley guy!
   - Crow, MST3K ep. 508
