nm-connection-editor crashes when trying to modify connection without gnome-keyring installed

Bug #1806269 reported by TJ on 2018-12-02
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Network Manager Applet
Fix Released
Medium
network-manager-applet (Debian)
Fix Released
Unknown
network-manager-applet (Ubuntu)
Low
Unassigned
Bionic
Medium
Unassigned

Bug Description

* Impact
the connection editor segfault when using without gnome-keyring

* Test case
uninstall gnome-keyring and try to edit a connection, it shouldn't segfault

* Regression potential
the fix changes an error handling case, it shouldn't impact normal use

--------------------

Thread 1 "nm-connection-e" received signal SIGSEGV, Segmentation fault.
0x00007ffff7ba6b53 in modules_initialized (object=<optimised out>, res=0x555556048a40, user_data=<optimised out>) at src/libnma/nma-cert-chooser-button.c:98
98 src/libnma/nma-cert-chooser-button.c: No such file or directory.

This occurs when the package "gnome-keyring" is not installed.

Steps to reproduce on my system:
- Run 'nm-connection-editor'
- Select any network (in my case, a home WLAN for which the computer
  doesn't have the password yet; but *all other* networks are also affected)
- Click the 'Edit' button

Expected behavior: Not sure how, but it should open the configuration
dialog eventually.

Actual behavior: Segfault in src/libnma/nma-cert-chooser-button.c:95

Relevant part of gdb's output:

    #0 0xb76b121e in modules_initialized (object=0x0, res=0x8104d8e0,
    user_data=0x81058178) at src/libnma/nma-cert-chooser-button.c:95
            self = 0x81058178 [NMACertChooserButton]
            error = 0x0
            modules = 0x0
            iter = {stamp = -2134551640, user_data = 0x80c553c8,
                    user_data2 = 0x1, user_data3 = 0x80f8af20}

And line 95 is:

    93 if (!modules) {
    94 /* The Front Fell Off. */
    95 g_critical ("Error getting registered modules: %s",
                                error->message);
    96 g_error_free (error);
    97 }

It tries to access the 'message' field of 'error', which is null.
So there is a soft-error (no modules found), which is then handled badly at
some point ('error' ends up being null-but-accessed).

'error' probably should be written by
'gck_modules_initialize_registered_finish',
and I have no idea why it doesn't.

Not sure if the problem is with gck or with libnma's usage of it.

Assuming it's libnma's fault, is this the right place to report bugs?
Can someone look into it and maybe even fix it?

Cheers,
Ben
PS: Already report downstream in the Debian BTS as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865013#41

I forgot to mention: This is *not* related to any of the existing bugs, for the following reasons:
- 781580: Different kind of behavior. Here: segfault; there: disabled buttons.
- 768986: Crashes in a different place.
- 733034: May have the same underlying cause, but sounds different enough.
- 755663: Here: broken existing feature; there: proposed/missing feature.

Download full text (6.5 KiB)

I believe I am having a related (or the same issue). With network-manager-gnome 1.8.10, I also get a crash on clicking the "Edit" icon for any network. I have discovered this only occurs when I have the opensc-pkcs11 package installed.

I get this message before the segfault:

(nm-connection-editor:29856): Gck-WARNING **: couldn't get slot info: An error occurred on the device
[1] 29856 segmentation fault (core dumped) nm-connection-editor

My full backtrace:

#0 0x00007ffff7ba931e in is_this_a_slot_nobody_loves (slot=0x55555612ac60) at src/libnma/nma-cert-chooser-button.c:69
#1 0x00007ffff7ba931e in modules_initialized (object=<optimized out>, res=<optimized out>, user_data=user_data@entry=0x555555f92730) at src/libnma/nma-cert-chooser-button.c:113
#2 0x00007ffff54c9af4 in process_result (unused=0x0, call=0x555555e3aaa0) at gck/gck-call.c:151
#3 0x00007ffff54c9af4 in process_completed (klass=<optimized out>) at gck/gck-call.c:165
#4 0x00007ffff54ca43c in _gck_call_async_go (call=0x55555617edf0) at gck/gck-call.c:498
#5 0x00007ffff66c5735 in g_type_create_instance () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#6 0x00007ffff66a65d8 in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#7 0x00007ffff66a8450 in g_object_new_valist () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#8 0x00007ffff66a87c9 in g_object_new () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#9 0x00007ffff7ba9e22 in nma_cert_chooser_button_new (flags=flags@entry=NMA_CERT_CHOOSER_BUTTON_FLAG_KEY) at src/libnma/nma-cert-chooser-button.c:447
#10 0x00007ffff7baa63e in init (cert_chooser=0x555555895020) at src/libnma/nma-pkcs11-cert-chooser.c:437
#11 0x00007ffff7ba5eab in constructor (type=<optimized out>, n_construct_properties=<optimized out>, construct_properties=<optimized out>) at src/libnma/nma-cert-chooser.c:635
#12 0x00007ffff66a640e in () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#13 0x00007ffff66a8450 in g_object_new_valist () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#14 0x00007ffff66a87c9 in g_object_new () at /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#15 0x00007ffff7ba68e7 in nma_cert_chooser_new (title=<optimized out>, flags=<optimized out>) at src/libnma/nma-cert-chooser.c:813
#16 0x00005555555a53ad in eap_method_ttls_new (ws_parent=0x555555eb0270, connection=0x5555559faf60, is_editor=<optimized out>, secrets_only=0x0) at src/wireless-security/eap-method-ttls.c:446
#17 0x000055555559db1b in ws_802_1x_auth_combo_init (sec=0x555555eb0270, combo_name=0x5555555b0750 "dynamic_wep_aut"..., combo_label=0x5555555b0767 "dynamic_wep_aut"..., auth_combo_changed_cb=0x5555555a0580 <auth_combo_changed_cb>, connection=0x5555559faf60, is_editor=0x1, secrets_only=0x0) at src/wireless-security/wireless-security.c:479
#18 0x00005555555a069f in ws_dynamic_wep_new (connection=0x5555559faf60, is_editor=0x1, secrets_only=0x0) at src/wireless-security/ws-dynamic-wep.c:121
#19 0x0000555555577387 in finish_setup (self=0x555555e45030, unused=<optimized out>, error=<optimized out>, user_data=<optimized out>) at src/connection-editor/page-wifi-security.c:391
#20 0x00007ffff66a0f9d in g_closure_invoke () at /usr/lib/x86_64-linux-gnu/libgobject...

Read more...

Hmm, I think these are definitely distinct issues. Here's what I observe with 1.8.10:

    Thread 1 "nm-connection-e" received signal SIGSEGV, Segmentation fault.
    0x00007ffff7bab4d3 in modules_initialized (object=<optimized out>, res=0x555555f34080,
        user_data=user_data@entry=0x555555f36360) at src/libnma/nma-cert-chooser-button.c:98
    98 src/libnma/nma-cert-chooser-button.c: Datei oder Verzeichnis nicht gefunden.
    (gdb) info locals
    self = 0x555555f36360
    slots = <optimized out>
    list_iter = <optimized out>
    error = 0x0
    modules = 0x0
    iter = {stamp = 1441177200, user_data = 0x7ffff63daa03 <g_queue_pop_tail+51>, user_data2 = 0x1, user_data3 = 0x7ffff639e261}
    model = <optimized out>
    info = <optimized out>
    label = <optimized out>
    (gdb)

So it still crashes for me during the error-handling.

Cheers,
Ben

Cause: Apparently it's perfectly okay if the list of modules is empty
(e.g., NULL). However, the code assume that this indicates an error,
tries to print the NULL error, and crashes.
Checking for NULL before printing it fixes the issue.

I'm not sure though whether an empty modules list is okay or not.

See attached patch which implements this. It applies cleanly to current master.

Created attachment 366805
Patch to fix the crash-on-warning

Fixes #785674.

Cause: Apparently it's perfectly okay if the list of modules is empty
(e.g., NULL). However, the code assume that this indicates an error,
tries to print the NULL error, and crashes.
Checking for NULL before printing it fixes the issue.

I'm not sure though whether an empty modules list is okay or not.

Signed-off-by: Ben Wiederhake <email address hidden>

(In reply to BenWiederhake.GitHub from comment #5)
> Created attachment 366805 [details] [review]
> Patch to fix the crash-on-warning

Thank you. Applied, with a small change.

https://git.gnome.org/browse/network-manager-applet/commit/?id=a37483c1a364ef3cc1cfa29e7ad51ca108d75674

@David Tomaschik:

So it looks like you're experiencing a different bug, and you should open a new issue about it.

I don't know what the underlying issue actually is, but a quick and dirty work-around might be to change this (line 69):

     if (g_str_has_prefix (slot_info->slot_description, "/"))

to this:

     if (!slot_info || g_str_has_prefix (slot_info->slot_description, "/"))

Again, this is quick and dirty, and just masks that there is a problem during `gck_slot_get_info`.

Cheers,
Ben

Sebastien Bacher (seb128) wrote :

Thank you for your bug report, some questions

- what version of Ubuntu are you using
- why is gnome-keyring not installed?
- could you get a backtrace (https://wiki.ubuntu.com/Bugs/Responses#Missing_a_back_trace)

It looks a bit like https://bugzilla.gnome.org/show_bug.cgi?id=785674 which was fixed in 1.8.12 (so should be fixed in cosmic but not in bionic)

Changed in network-manager-applet (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
shasheene (shasheene) wrote :

Hi,

I have this same problem on Ubuntu 18.04 i386, using an up-to-date bionic environment (main/universe/multiverse of bionic, bionic-updates and bionic-backports repos) .

I am attaching an apport service /var/crash log file. I couldn't find any network-manager-gnome dbg packages, so I'm not sure the backtrace will have symbols. If you need more information I am happy to help.

Reproduction: Launch nm-connection-editor, then double-click a connection to modify it.
Workaround: Install gnome-keyring (which recommended package, not a dependency) [1]

Given 18.04 is the last Ubuntu release with i386 support, I am unable to move to a more recent Ubuntu release such as cosmic (or beyond) at this stage. I am developing a live CD used by many users who aren’t Linux experts, may have poor internet connection and may be using very old computers. Given it's a non-persistent environment, saving passwords with gnome-keyring is not useful, and the password prompt will likely cause much confusion. My intention is to provide an i386 version based on Ubuntu 18.04 until the maintenance support window ends in 2023 [2]

[1] https://packages.ubuntu.com/disco/network-manager-gnome
[2] https://ubuntu.com/about/release-cycle

shasheene (shasheene) on 2019-10-14
Changed in network-manager-applet (Ubuntu):
status: Incomplete → Confirmed
shasheene (shasheene) wrote :

I realized my sources.list file was not standard so I reconstructed my environment with bionic-backports disabled and added bionic-security.

I downloaded the dbgsym '.ddeb' files and installed them in this environment. I had to install the package "libnm-gtk0" using apt-get, because it was not present. The version numbers of the deb files in your link match my system otherwise.

I reproduced the crash. The new apport crash log doesn't seem to have any additional backtrace information gleaned from the symbol information. I have still attached the file to this comment.

shasheene (shasheene) wrote :

I also tried adding the deb-src repositories (for my sources.list which has bionic/bionic-updates/bionic-security with main/universe/multiverse), then attempted to use apport-retrace [1] with a sandbox to download symbols automatically, but log file didn't have sufficient fields:

> ubuntu@ubuntu:~$ apport-retrace -S ~/temp_apport/ /var/crash/_usr_bin_nm-connection-editor.999.crash
> ERROR: report file does not contain one of the required fields: Package

[1] http://manpages.ubuntu.com/manpages/bionic/man1/apport-retrace.1.html

Sebastien Bacher (seb128) wrote :

Could you get a backtrace using gdb as described on https://wiki.ubuntu.com/DebuggingProgramCrash ?

shasheene (shasheene) wrote :

I don't have the graphical 'has closed unexpectedly' popups in my environment, but I ran gdb, loaded /usr/bin/nm-connection-editor, and reproduced the crash again. The output is the similar to the original poster of this issue:

warning: Error reading shared library list entry at 0x6f20
[New Thread 0xb21bdb40 (LWP 4975)]
[New Thread 0xb19bcb40 (LWP 4976)]
[New Thread 0xb11bbb40 (LWP 4977)]
[New Thread 0xb09bab40 (LWP 4978)]
[New Thread 0xb01b9b40 (LWP 4979)]
warning: Error reading shared library list entry at 0xffffe4c0
warning: Error reading shared library list entry at 0xffffe7e0
[New Thread 0xaf989b40 (LWP 4980)]
[New Thread 0xaf188b40 (LWP 4981)]

Thread 1 "nm-connection-e" received signal SIGSEGV, Segmentation fault.
0xb7f8ab74 in modules_initialized (object=0x0, res=0xbdf6c8,
    user_data=0xbe31b8) at src/libnma/nma-cert-chooser-button.c:98
98 src/libnma/nma-cert-chooser-button.c: No such file or directory.
(gdb)

I did some searching and the issue is already captured in this Debian mailing list: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883965. The most recent post (8 Apr 2018) pushes "network-manager-applet (1.8.10-3) unstable; urgency=medium" which "Fixes a segfault when editing an existing connection".

Ubuntu 18.04 bionic currently has an older network-manager-applet, 1.8.10-2ubuntu2. Can we please update to 1.8.10-3 in order to fix this issue?

Changed in network-manager-applet:
importance: Unknown → Medium
status: Unknown → Fix Released
summary: - nm-connection-editor crashes when trying to modify connection
+ nm-connection-editor crashes when trying to modify connection without
+ gnome-keyring installed
Changed in network-manager-applet (Ubuntu):
status: Confirmed → Fix Released
description: updated
TJ (tj) wrote :

I've built a package containing the fix patch (taken from Debian's 1.8.10-3) and tested to confirm it solves the issue when gnome-keyring is NOT installed.

$ apt list --installed network-manager-gnome gnome-keyring
Listing... Done
network-manager-gnome/bionic-updates,now 1.8.10-2ubuntu2 amd64 [installed]

$ nm-connection-editor

(nm-connection-editor:4086): GLib-GIO-CRITICAL **: 15:48:24.298: g_dbus_proxy_new: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
Segmentation fault (core dumped)

$ sudo dpkg -i ../libnm-gtk0_1.8.10-2ubuntu3_amd64.deb ../libn
ma0_1.8.10-2ubuntu3_amd64.deb ../gir1.2-nm*.deb ../network-manager-gnome_1.8.10-2ubuntu3_amd64.deb

...

$ nm-connection-editor

(nm-connection-editor:2009): GLib-GIO-CRITICAL **: 15:43:26.561: g_dbus_proxy_new: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

And the GUI editor opened on the connection.

The built package can be found at:

https://launchpad.net/~tj/+archive/ubuntu/bugfixes

shasheene (shasheene) wrote :

I might misunderstand the workflow, but I don't think "Fix Released" status applies given the patch hasn't been applied to bionic yet. Currently [1] shows bionic has the following network-manager-applet releases:
1.8.10-2ubuntu2 updates (main) 2019-01-22
1.8.10-2ubuntu1 release (main) 2018-01-27

Given TJ has just tested the patch out and confirmed it fixes the issue, can a new version named "1.8.10-2ubuntu3" be published, and the resulting deb files find there way into bionic-updates? I think the following link [2] will remain 404 unless someone cherry-picks the fix across to that branch, and publishes it. Forgive me if I'm wrong.

[1] https://launchpad.net/ubuntu/+source/network-manager-applet/
[2] https://launchpad.net/ubuntu/+source/network-manager-applet/1.8.10-2ubuntu3

Sebastien Bacher (seb128) wrote :

@TJ, thanks for backporting that patch but please don't use an 'official' version number next time. I did a SRU with that fix and some others and it's waiting in the queue
https://launchpadlibrarian.net/446721648/network-manager-applet_1.8.10-2ubuntu3_source.changes

The problem with your version using the same number is that users installing it might not get the SRU replacing it now and miss on the other fixes.

Best to use a ubuntu2+ppa or ubuntu3~test number next time

TJ (tj) wrote :

@Sebastian Oops! I usually add ~tj or ~lpXXXXXX but lost that change this time because whilst fighting with trying to combine the upstream, Debian, and Ubuntu git repos and use sbuild to test.
It failed in all sorts of confusing ways so I simply made a non-git copy and ran 'dch -i' immediately without thinking.

Hello TJ, or anyone else affected,

Accepted network-manager-applet into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/network-manager-applet/1.8.10-2ubuntu3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in network-manager-applet (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-bionic
shasheene (shasheene) wrote :

OK, I have tested the bionic-proposed 1.8.10-2ubuntu3 release and can confirm it does indeed fix the issue. Thank you.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Changed in network-manager-applet (Ubuntu Bionic):
importance: Undecided → Medium
tags: removed: verification-needed
Changed in network-manager-applet (Debian):
status: Unknown → Fix Released

The verification of the Stable Release Update for network-manager-applet has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager-applet - 1.8.10-2ubuntu3

---------------
network-manager-applet (1.8.10-2ubuntu3) bionic; urgency=medium

  * debian/patches/git_error_handling.patch:
    - don't segfault when gnome-keyring is missing (lp: #1806269)
  * debian/patches/git_editor_segfault.patch:
    - backport a segfault fix for the editor (lp: #1848185)
  * debian/patches/git_label_warning.patch:
    - backport fix for parsing error warnings being displayed when
      connecting to an ap with special chars (lp: #1848186)

 -- Sebastien Bacher <email address hidden> Tue, 15 Oct 2019 10:50:14 +0200

Changed in network-manager-applet (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.