vinagre crashed on connecting to vnc

Bug #1071055 reported by test on 2012-10-24
216
This bug affects 29 people
Affects Status Importance Assigned to Milestone
libsecret
Fix Released
Medium
libsecret (Ubuntu)
Undecided
Marc Deslauriers
Quantal
High
Marc Deslauriers
Raring
Undecided
Marc Deslauriers

Bug Description

[Impact]
This bug makes vinagre unusable with existing connection profiles upon upgrade to 12.10.

[Test Case]
1. Install Ubuntu 12.04.
2. Use vinagre to connect to a vnc server that's configured to require a password. Do not save the password.
3. Upgrade to Ubuntu 12.10.
4. Try again to connect to the server. Confirm that it fails with a segfault.
5. Upgrade to the libsecret-1-0 in -proposed.
6. Try to connect to the server again. Confirm that it succeeds.

[Regression Potential]
This is a new upstream version release specifically to fix this crasher bug. There appears to be no risk of regression.

on ubuntu 12.10
ii vinagre 3.6.0-0ubuntu1 amd64 remote desktop client for the GNOME Desktop

when connecting to vnc which requires password authentication
vinagre will crash
this is because the usernaem inside the vinagre_tab_find_credentials_in_keyring function will be null

The following patch will resolve it

diff --git a/plugins/vnc/vinagre-vnc-tab.c b/plugins/vnc/vinagre-vnc-tab.c
index 10bed13..d591a29 100644
--- a/plugins/vnc/vinagre-vnc-tab.c
+++ b/plugins/vnc/vinagre-vnc-tab.c
@@ -492,7 +492,10 @@ vnc_authentication_cb (VncDisplay *vnc, GValueArray *credList, VinagreVncTab *vn

   if (need_password || need_username)
     {
- vinagre_tab_find_credentials_in_keyring (tab, &username, &password);
+ if (vinagre_connection_get_username (conn) != NULL)
+ {
+ vinagre_tab_find_credentials_in_keyring (tab, &username, &password);
+ }
       if ( (need_username && !username) || (need_password && !password) )
  {
    host = vinagre_connection_get_best_name (conn);

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in vinagre (Ubuntu):
status: New → Confirmed
Christian Smith (csmith) wrote :

I want to add that the patch works here as well for vinagre 3.6.0-0ubuntu1

Changed in vinagre:
importance: Unknown → Critical
status: Unknown → Confirmed
Marc Deslauriers (mdeslaur) wrote :

Actually, this looks like it was fixed in libsecret, not vinagre:

https://bugzilla.gnome.org/show_bug.cgi?id=686015

affects: vinagre (Ubuntu) → libsecret (Ubuntu)
Changed in libsecret (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libsecret (Ubuntu Quantal):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
affects: vinagre → libsecret
Changed in libsecret:
importance: Critical → Unknown
status: Confirmed → Unknown
Marc Deslauriers (mdeslaur) wrote :

SRU Request:

Impact:

Vinagre immediately segfaults when attempting to connect to a vnc session with a password. This prevents it from being used to access remote desktops using desktop sharing. This is caused by libsecret improperly handling NULL usernames.

The only change between libsecret 0.10 and 0.11 is the fix for this issue. Hence, this SRU requests updates libsecret to 0.11.

[Test case]

1- Find a vnc server with a password
2- Attempt to connect with vinagre
3- Get password prompt instead of segfault

[Regression Potential]

libsecret now correctly returns an error when it is being used with NULL data, instead of crashing. Impact should be minimal.

Changed in libsecret:
importance: Unknown → Medium
status: Unknown → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libsecret - 0.11-0ubuntu1

---------------
libsecret (0.11-0ubuntu1) raring; urgency=low

  * New upstream release to fix segfault in vinagre from using an invalid
    attribute. (LP: #1071055)
 -- Marc Deslauriers <email address hidden> Wed, 31 Oct 2012 10:18:13 +0100

Changed in libsecret (Ubuntu Raring):
status: Confirmed → Fix Released
Steve Langasek (vorlon) on 2012-11-04
Changed in libsecret (Ubuntu Quantal):
status: Confirmed → Triaged
importance: Undecided → High

Hello test, or anyone else affected,

Accepted libsecret into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/libsecret/0.11-0ubuntu0.12.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

description: updated
Changed in libsecret (Ubuntu Quantal):
status: Triaged → Fix Committed
tags: added: verification-needed
Steve Langasek (vorlon) wrote :

I've verified that the described test case fixes the problem for me.

tags: added: verification-done
removed: verification-needed
Doug Nelson (doug-peacefulrock) wrote :

I installed the proposed package, and it fixed the issue for me as well.

Rick Born (rick-born) wrote :

You guys rock, this fixed the issue for me as well

libsecret-1 from proposed works very well and fixes the issue for me as well. Thanks.

Christian Smith (csmith) wrote :

proposed updates worked here too

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libsecret - 0.11-0ubuntu0.12.10.1

---------------
libsecret (0.11-0ubuntu0.12.10.1) quantal-proposed; urgency=low

  * New upstream release to fix segfault in vinagre from using an invalid
    attribute. (LP: #1071055)
 -- Marc Deslauriers <email address hidden> Wed, 31 Oct 2012 10:18:13 +0100

Changed in libsecret (Ubuntu Quantal):
status: Fix Committed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.