[Pidgin] #11525: double free if ssl handshake fails with jabber

Pidgin trac at pidgin.im
Mon Mar 8 13:43:22 EST 2010


#11525: double free if ssl handshake fails with jabber
--------------------+-------------------------------------------------------
 Reporter:  ari     |        Owner:  deryni
     Type:  defect  |       Status:  new   
Milestone:          |    Component:  XMPP  
  Version:  2.6.6   |   Resolution:        
 Keywords:          |  
--------------------+-------------------------------------------------------
Description changed by ari:

Old description:

> If SSL/TLS negotiazion fails while connecting to a XMPP server, libpurple
> crashes with a double free: purple_ssl_close() is called twice,
> once from ssl_nss_connect() after the SSL negotiation fails,
> once from jabber_close()
>
> The call to jabber_close() is done by purple_connection_disconnect_cb(),
> which
> is the callback invoked after an error in the connection is detected.
>
> I am attaching a GDB session with some backtraces done with qutecom, but
> the
> same issues is reproducible using the modified nullclient I have attached
> to #11524. Triggering bug #11524 it is an easy way to generate SSL
> connection failure.

New description:

 From http://bugs.debian.org/573068:

 If SSL/TLS negotiazion fails while connecting to a XMPP server, libpurple
 crashes with a double free: purple_ssl_close() is called twice,
 once from ssl_nss_connect() after the SSL negotiation fails,
 once from jabber_close()

 The call to jabber_close() is done by purple_connection_disconnect_cb(),
 which
 is the callback invoked after an error in the connection is detected.

 I am attaching a GDB session with some backtraces done with qutecom, but
 the
 same issues is reproducible using the modified nullclient I have attached
 to #11524. Triggering bug #11524 it is an easy way to generate SSL
 connection failure.

--

-- 
Ticket URL: <http://developer.pidgin.im/ticket/11525#comment:1>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list