[Pidgin] #11525: double free if ssl handshake fails with jabber
Pidgin
trac at pidgin.im
Mon Mar 8 13:43:22 EST 2010
#11525: double free if ssl handshake fails with jabber
--------------------+-------------------------------------------------------
Reporter: ari | Owner: deryni
Type: defect | Status: new
Milestone: | Component: XMPP
Version: 2.6.6 | Resolution:
Keywords: |
--------------------+-------------------------------------------------------
Description changed by ari:
Old description:
> If SSL/TLS negotiazion fails while connecting to a XMPP server, libpurple
> crashes with a double free: purple_ssl_close() is called twice,
> once from ssl_nss_connect() after the SSL negotiation fails,
> once from jabber_close()
>
> The call to jabber_close() is done by purple_connection_disconnect_cb(),
> which
> is the callback invoked after an error in the connection is detected.
>
> I am attaching a GDB session with some backtraces done with qutecom, but
> the
> same issues is reproducible using the modified nullclient I have attached
> to #11524. Triggering bug #11524 it is an easy way to generate SSL
> connection failure.
New description:
From http://bugs.debian.org/573068:
If SSL/TLS negotiazion fails while connecting to a XMPP server, libpurple
crashes with a double free: purple_ssl_close() is called twice,
once from ssl_nss_connect() after the SSL negotiation fails,
once from jabber_close()
The call to jabber_close() is done by purple_connection_disconnect_cb(),
which
is the callback invoked after an error in the connection is detected.
I am attaching a GDB session with some backtraces done with qutecom, but
the
same issues is reproducible using the modified nullclient I have attached
to #11524. Triggering bug #11524 it is an easy way to generate SSL
connection failure.
--
--
Ticket URL: <http://developer.pidgin.im/ticket/11525#comment:1>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list