[Pkg-silc-devel] Bug#482145: silc client segfaults if key is verified after disconnection

Jérémy Bobbio lunar at debian.org
Fri Jul 11 19:22:03 UTC 2008


Hi!

I have spent some time trying to fix the bug reported to the Debian SILC
package as #482145 [1], but solving this might require some pretty bad
tricks (or an API change).

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482145

In the silc client (or the irssi plugin), during the first connection
to an unknown server, the client asks the user about the key.  It's
pretty easy to start the connection and jump to do something else while
the client is connecting (especially if the network is slow).

If the answer takes too much time to come, the remote server will simply
drop the connection.  But the minibuffer is still asking for a reply,
and answering will result in a segfault.

This segfault will be triggered by
client_ops.c:verify_public_key_completion() when calling
silc_pkcs_save_public_key() with a free'd public_key.

I have tried to resolve the issue by trying to verify the connection
status in verify_public_key_completion().  But "verify->conn" is already
free'd as well.

The SILC_SERVER_REC has a "disconnected" field, which seems to be
updated when the server is disconnected.  So I thought about adding
another field of type SILC_SERVER_REC * to PublicKeyVerify, but there
seems to be no way to get a proper reference.

When the PublicKeyVerify structure is initialized in
silc_verify_public_key_internal(), SilcClientConnection has just been
created by silc_client_add_connection() and the caller of
silc_client_connect_to_server() has no way to set the context field at
that time.

So well, here are my current findings, and I don't think that I will be
able to solve this issue without some external help. :)

Cheers,
-- 
Jérémy Bobbio                        .''`. 
lunar at debian.org                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
                                      `-   
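
The lifetime problem described in the message above, as an added example that is not part of the original post and is not SILC code: the prompt keeps its own copy of the key, and the connection detaches its pending prompts before it is freed, so a late answer is dropped instead of touching freed memory. The names `Conn`, `Verify`, `verify_begin`, `conn_free` and `verify_complete` are hypothetical, and the sketch assumes the teardown path can reach the list of pending prompts.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not SILC Toolkit types. */
typedef struct Verify Verify;
typedef struct Conn { Verify *pending; } Conn;  /* prompts awaiting an answer */
struct Verify {
    Conn *conn;        /* cleared to NULL when the connection is freed */
    char *public_key;  /* private copy owned by the prompt */
    Verify *next;      /* link in conn->pending */
};

/* Start a key prompt: copy the key and register the prompt on the connection. */
Verify *verify_begin(Conn *conn, const char *key)
{
    size_t n = strlen(key) + 1;
    Verify *v = calloc(1, sizeof(*v));
    if (!v || !(v->public_key = malloc(n))) { free(v); return NULL; }
    memcpy(v->public_key, key, n);
    v->conn = conn;
    v->next = conn->pending;
    conn->pending = v;
    return v;
}

/* Disconnect path: detach every pending prompt before freeing the connection. */
void conn_free(Conn *conn)
{
    for (Verify *v = conn->pending, *next; v; v = next) {
        next = v->next;
        v->conn = NULL;
        v->next = NULL;
    }
    free(conn);
}

/* User answered. Returns 1 if the key may be saved (accepted, connection still
   alive), 0 if rejected or if the answer arrived after the disconnect. */
int verify_complete(Verify *v, int accepted)
{
    int live = v->conn != NULL;
    if (live) {                              /* unlink from the live connection */
        Verify **p = &v->conn->pending;
        while (*p && *p != v) p = &(*p)->next;
        if (*p) *p = v->next;
    }
    free(v->public_key);
    free(v);
    return live && accepted;
}
```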