Crash with pidgin using SILC protocol

Niez raspoudhon at yandex.ru
Sat Sep 4 14:31:47 EDT 2010


Hi,
I'm using the official SILC client and when I send a file to a pidgin
user using this command:
/file send /path/file Nickname -no-listener

I got a crash of Pidgin and a segmentation fault, after he accepts the
file.

If I remove the -no-listener parameter, the user is only disconnected
from the server.

Here is some information I could retrieve from the logs:

Backtrace:
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/pidgin...(no debugging symbols found)...done.
(gdb) runhandle SIGPIPE nostop noprint
Signal        Stop	Print	Pass to program	Description
SIGPIPE       No	No	Yes		Broken pipe
(gdb) runh
Starting program: /usr/bin/pidgin 
[Thread debugging using libthread_db enabled]
[New Thread 0xb7db6b70 (LWP 3032)]
[New Thread 0xb66a0b70 (LWP 3077)]
[Thread 0xb66a0b70 (LWP 3077) exited]
[New Thread 0xb66a0b70 (LWP 3079)]
[Thread 0xb66a0b70 (LWP 3079) exited]

Program received signal SIGSEGV, Segmentation fault.
0x00ab7894 in sigprocmask () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt full
#0  0x00ab7894 in sigprocmask () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#1  0x01adc736 in silc_schedule_internal_signals_block (schedule=0x85ec2b0,
    context=0x47) at silcunixschedule.c:583
No locals.
#2  0x01adac20 in silc_schedule_task_del_by_context (schedule=0x85ec2b0,
    context=0x85ec2b8) at silcschedule.c:838
        task = 0x50
        htl = {ht = 0x85c37e8, entry = 0x8647068, index = 0, auto_rehash = 0}
        list = {head = 0x1a66ee0, tail = 0x8427f30, current = 0x8620790,
          next_offset = 6784, prev_offset = 2140, prev_set = 0, end_set = 0,
          count = 34745040}
        ret = 8 '\b'
#3  0x01a95459 in silc_client_ftp_session_free (session=0x85ec2b8)
    at client_ftp.c:383
No locals.
#4  0x01a7b6ea in silc_client_connection_st_close (fsm=0x8620738, 
    fsm_context=0x86d5fa0, state_context=0x0) at client.c:428
No locals.
#5  0x01ad41ac in silc_fsm_run (schedule=0x85c1a80, app_context=0x8427f30,
    type=SILC_TASK_EXPIRE, fd=0, context=0x8620738) at silcfsm.c:429
No locals.
#6  0x01adb822 in silc_schedule_dispatch_timeout (schedule=0x85c1a80, 
    dispatch_all=<value optimized out>) at silcschedule.c:114
        task = 0xe3
        curtime = {tv_sec = 1283622877, tv_usec = 32464}
        count = 1
#7  0x01adc107 in silc_schedule_select_timeout (schedule=0x85c1a80, 
    timeout_usecs=<value optimized out>) at silcschedule.c:159
        task = <value optimized out>
        curtime = {tv_sec = 1283622877, tv_usec = 32463}
        dispatch = 1 '\001'
#8  silc_schedule_iterate (schedule=0x85c1a80, 
    timeout_usecs=<value optimized out>) at silcschedule.c:424
        ret = <value optimized out>
#9  0x01adc394 in silc_schedule_one (schedule=0x85c1a80, timeout_usecs=0)
    at silcschedule.c:484
        ret = 99 'c'
#10 0x01a7a66c in silc_client_run_one (client=0x8427f30) at client.c:1095
No locals.
#11 0x01a66d83 in ?? () from /usr/lib/purple-2/libsilcpurple.so
No symbol table info available.
#12 0x008fdd5c in ?? () from /lib/libglib-2.0.so.0
No symbol table info available.
#13 0x008fd5e5 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
No symbol table info available.
#14 0x009012d8 in ?? () from /lib/libglib-2.0.so.0
No symbol table info available.
#15 0x00901817 in g_main_loop_run () from /lib/libglib-2.0.so.0
No symbol table info available.
#16 0x004d03c9 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
No symbol table info available.
#17 0x080cb2e1 in main ()
No symbol table info available.
(gdb) quit
A debugging session is active.


Pidgin debug window (when not using the -no-listener parameter in the
/file send command):

(13:47:11) pidgin-libnotify: event_connection_throttle() called
(13:47:11) connection: Activating keepalive.
(13:47:59) xfer: request accepted for 0x88e9758
(13:47:59) silc: silc_say error: Error during key exchange with 127.0.1.1: Unsupported public key (or certificate)
(13:47:59) connection: Connection error on 0x8975798 (reason: 0 description: Error during key exchange with 127.0.1.1: Unsupported public key (or certificate))
(13:47:59) g_log: pidgin_xfer_dialog_update_xfer: assertion `dialog != NULL' failed
(13:47:59) account: Disconnecting account Nick at sss.xxx.org (0x846f268)
(13:47:59) connection: Disconnecting connection 0x8975798
(13:47:59) connection: Deactivating keepalive.
(13:48:00) GLib: g_source_remove: assertion `tag > 0' failed
(13:48:00) connection: Destroying connection 0x8975798


SILC client display:
 *** File transfer request sent to Nick#3 for /home/Proverbes.txt
[13:47] [Error]: SILC_VERIFY silc_verify_public_key_internal:2478
[13:47] *** Error during file transfer with Nick#3
[13:48] *** Nick#3 (aaaal at hasar.tepi.silc) has quit (Téléchargement de Pidgin : http://pidgin.im)

pidgin -d:
dns[3637]: nobody needs me... =(
(15:19:40) xfer: xfer 0x995c4e8 denied
(15:19:53) xfer: request accepted for 0x9941900
(15:19:53) g_log: pidgin_xfer_dialog_update_xfer: assertion `dialog != NULL' failed
Erreur de segmentation


The problem was discovered on Pidgin 2.6.6 and is still here in the
2.7.3 pidgin version.

I hope you can do something with this information.
Good luck



More information about the security mailing list