Public bug reported:
After the SSL rebuild, Remmina is crashing with a segmentation fault
when trying to connect to a Windows Server 2019 machine using RDP.
I tried removing the sensitive data from this backtrace (#7 has
TERMSRV/XXX.XXX.XXX.XXX), hopefully everything sensitive was removed.
The full backtrace is:
(gdb) bt f
#0 0x00007ffff6d192e8 in EVP_CIPHER_CTX_set_key_length
(c=c@entry=0x7fffe03310e0, keylen=keylen@entry=16) at
../crypto/evp/evp_enc.c:979
__func__ = "EVP_CIPHER_CTX_set_key_length"
#1 0x00007ffff1b2c4a8 in winpr_RC4_New_Internal
(key=0x7fffe0373998
"\223\234\376O`\245$\225\223\343\303\370\020\256\225\374\032N\317P\345\207K\320KX\231\307fb\314\307\032N\317P\345\207K\320KX\231\307fb\314",
<incomplete sequence \307>, keylen=16, override_fips=0) at
./winpr/libwinpr/crypto/cipher.c:75
ctx = 0x7fffe03310e0
evp = 0x7ffff6f7b240 <r4_cipher>
#2 0x00007ffff1b59ddd in ntlm_rc4k
(length=16, ciphertext=0x7fffe03739c8 "", plaintext=0x7fffe03739a8
"\032N\317P\345\207K\320KX\231\307fb\314\307\032N\317P\345\207K\320KX\231\307fb\314",
<incomplete sequence \307>, key=0x7fffe0373998
"\223\234\376O`\245$\225\223\343\303\370\020\256\225\374\032N\317P\345\207K\320KX\231\307fb\314\307\032N\317P\345\207K\320KX\231\307fb\314",
<incomplete sequence \307>) at ./winpr/libwinpr/sspi/NTLM/ntlm_compute.c:491
rc4 = <optimized out>
status = -2146893052
s = 0x7fffe03723b0
length = <optimized out>
StartOffset = <optimized out>
PayloadOffset = <optimized out>
AvTimestamp = <optimized out>
message = 0x7fffe0373780
context = 0x7fffe0373600
credentials = <optimized out>
input_buffer = <optimized out>
output_buffer = 0x0
channel_bindings = <optimized out>
#3 ntlm_encrypt_random_session_key (context=0x7fffe0373600) at
./winpr/libwinpr/sspi/NTLM/ntlm_compute.c:566
status = -2146893052
s = 0x7fffe03723b0
length = <optimized out>
StartOffset = <optimized out>
PayloadOffset = <optimized out>
AvTimestamp = <optimized out>
message = 0x7fffe0373780
context = 0x7fffe0373600
credentials = <optimized out>
input_buffer = <optimized out>
output_buffer = 0x0
channel_bindings = <optimized out>
#4 ntlm_read_ChallengeMessage (buffer=<optimized out>, context=0x7fffe0373600)
at ./winpr/libwinpr/sspi/NTLM/ntlm_message.c:513
status = -2146893052
s = 0x7fffe03723b0
length = <optimized out>
StartOffset = <optimized out>
PayloadOffset = <optimized out>
AvTimestamp = <optimized out>
message = 0x7fffe0373780
context = 0x7fffe0373600
credentials = <optimized out>
input_buffer = <optimized out>
output_buffer = 0x0
channel_bindings = <optimized out>
#5 ntlm_InitializeSecurityContextW
(phCredential=phCredential@entry=0x7fffe0372e70,
phContext=phContext@entry=0x7fffe0374230, pszTargetName=<optimized out>,
fContextReq=fContextReq@entry=50, Reserved1=Reserved1@entry=0,
TargetDataRep=TargetDataRep--Type <RET> for more, q to quit, c to continue
without paging--c
@entry=16, pInput=<optimized out>, Reserved2=<optimized out>,
phNewContext=<optimized out>, pOutput=<optimized out>, pfContextAttr=<optimized
out>, ptsExpiry=<optimized out>) at ./winpr/libwinpr/sspi/NTLM/ntlm.c:590
context = 0x7fffe0373600
credentials = <optimized out>
input_buffer = <optimized out>
output_buffer = 0x0
channel_bindings = <optimized out>
#6 0x00007ffff1b5ac25 in ntlm_InitializeSecurityContextA
(phCredential=0x7fffe0372e70, phContext=0x7fffe0374230,
pszTargetName=<optimized out>, fContextReq=50, Reserved1=0, TargetDataRep=16,
pInput=0x7fffe0372eb0, Reserved2=0, phNewContext=0x7fffe0374230,
pOutput=0x7fffe0372ec0, pfContextAttr=0x7fffe0372e58, ptsExpiry=0x7fffe0372e80)
at ./winpr/libwinpr/sspi/NTLM/ntlm.c:633
status = <optimized out>
pszTargetNameW = 0x7fffe0373cc0
#7 0x00007ffff1b6543f in winpr_InitializeSecurityContextA
(phCredential=0x7fffe0372e70, phContext=0x7fffe0372e08,
pszTargetName=0x7fffe0385fd0 "TERMSRV/XXX.XXX.XXX.XXX", fContextReq=50,
Reserved1=0, TargetDataRep=16, pInput=0x7fffe0372eb0, Reserved2=0,
phNewContext=0x7fffe0372e08, pOutput=0x7fffe0372ec0,
pfContextAttr=0x7fffe0372e58, ptsExpiry=0x7fffe0372e80) at
./winpr/libwinpr/sspi/sspi_winpr.c:1284
Name = 0x7ffff1b9e684 "Negotiate"
status = <optimized out>
table = 0x7ffff1bd72c0 <NEGOTIATE_SecurityFunctionTableA>
_log_cached_ptr = 0x0
__FUNCTION__ = "winpr_InitializeSecurityContextA"
_log_cached_ptr = 0x0
#8 0x00007ffff1d0301c in nla_client_recv (nla=0x7fffe0372df0) at
./libfreerdp/core/nla.c:557
status = -1
_log_cached_ptr = 0x0
__FUNCTION__ = "nla_recv_pdu"
#9 nla_recv_pdu (nla=0x7fffe0372df0, s=<optimized out>) at
./libfreerdp/core/nla.c:2192
_log_cached_ptr = 0x0
__FUNCTION__ = "nla_recv_pdu"
#10 0x00007ffff1d3be99 in rdp_recv_callback (transport=<optimized out>,
s=0x555555bad760, extra=0x555555e68000) at ./libfreerdp/core/rdp.c:1515
status = 0
rdp = 0x555555e68000
_log_cached_ptr = 0x0
__FUNCTION__ = "rdp_recv_callback"
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
#11 0x00007ffff1d37bbc in transport_check_fds (transport=0x555555b85510) at
./libfreerdp/core/transport.c:1062
status = 221
recv_status = <optimized out>
received = 0x555555bad760
now = <optimized out>
dueDate = 145082998
status = <optimized out>
transport = 0x555555b85510
_log_cached_ptr = 0x0
__FUNCTION__ = "rdp_check_fds"
_log_cached_ptr = 0x0
#12 rdp_check_fds (rdp=0x555555e68000) at ./libfreerdp/core/rdp.c:1722
status = <optimized out>
transport = 0x555555b85510
_log_cached_ptr = 0x0
__FUNCTION__ = "rdp_check_fds"
_log_cached_ptr = 0x0
#13 0x00007ffff1d3054d in rdp_client_connect (rdp=0x555555e68000) at
./libfreerdp/core/connection.c:367
SelectedProtocol = <optimized out>
status = <optimized out>
settings = 0x555555ea9ee0
flags = <optimized out>
timeout = 200
__FUNCTION__ = "rdp_client_connect"
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
#14 0x00007ffff1d1e492 in freerdp_connect (instance=0x555555bfb3f0) at
./libfreerdp/core/freerdp.c:197
status = <optimized out>
e = {e = {Size = 4135161392, Sender = 0x0}, result = 327824}
status2 = 0
rdp = 0x555555e68000
settings = 0x555555ea9ee0
__FUNCTION__ = "freerdp_connect"
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
#15 freerdp_connect (instance=0x555555bfb3f0) at ./libfreerdp/core/freerdp.c:153
__FUNCTION__ = "freerdp_connect"
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
#16 0x00007ffff678d739 in remmina_rdp_main (gp=0x555555ae4a70) at
./plugins/rdp/rdp_plugin.c:2053
value = <optimized out>
rfi = <optimized out>
w = <optimized out>
proxy_password = <optimized out>
root = <optimized out>
gateway_host = 0x7fffe0002900 "\340B"
datapath = <optimized out>
desktopScaleFactor = 0
h = <optimized out>
s = <optimized out>
gateway_port = 32767
i = <optimized out>
desktopOrientation = 0
deviceScaleFactor = 0
proxy_port = <optimized out>
verrev = 0
proxy_username = <optimized out>
sm = <optimized out>
cs = <optimized out>
remminafile = <optimized out>
channels = 0x555555f59760
status = <optimized out>
proxy_hostname = <optimized out>
proxy_type = <optimized out>
vermaj = 2
vermin = 3
orphaned = <optimized out>
gp = 0x555555ae4a70
rfi = 0x555555c8e800
#17 remmina_rdp_main_thread (data=0x555555ae4a70) at
./plugins/rdp/rdp_plugin.c:2258
gp = 0x555555ae4a70
rfi = 0x555555c8e800
#18 0x00007ffff683f927 in start_thread (arg=<optimized out>) at
pthread_create.c:435
ret = <optimized out>
pd = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737152808512,
-5239994127097218978, 140737488346590, 140737488346591, 0, 140737144418304,
5239967739048409182, 5239973476643682398}, mask_was_saved = 0}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
#19 0x00007ffff68cf9e4 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:100
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: remmina 1.4.21+dfsg-1build1
ProcVersionSignature: Ubuntu 5.15.0-13.13-generic 5.15.5
Uname: Linux 5.15.0-13-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu74
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: XFCE
Date: Mon Dec 6 16:45:05 2021
InstallationDate: Installed on 2017-06-13 (1636 days ago)
InstallationMedia: Xubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: remmina
UpgradeStatus: Upgraded to jammy on 2019-12-22 (714 days ago)
modified.conffile..etc.cron.daily.apport: [deleted]
** Affects: remmina (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug jammy package-from-proposed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to remmina in Ubuntu.
https://bugs.launchpad.net/bugs/1953389
Title:
Remmina segfault when trying to connect using RDP
Status in remmina package in Ubuntu:
New
Bug description:
After the SSL rebuild, Remmina is crashing with a segmentation fault
when trying to connect to a Windows Server 2019 machine using RDP.
I tried removing the sensitive data from this backtrace (#7 has
TERMSRV/XXX.XXX.XXX.XXX), hopefully everything sensitive was removed.
The full backtrace is:
(gdb) bt f
#0 0x00007ffff6d192e8 in EVP_CIPHER_CTX_set_key_length
(c=c@entry=0x7fffe03310e0, keylen=keylen@entry=16) at
../crypto/evp/evp_enc.c:979
__func__ = "EVP_CIPHER_CTX_set_key_length"
#1 0x00007ffff1b2c4a8 in winpr_RC4_New_Internal
(key=0x7fffe0373998
"\223\234\376O`\245$\225\223\343\303\370\020\256\225\374\032N\317P\345\207K\320KX\231\307fb\314\307\032N\317P\345\207K\320KX\231\307fb\314",
<incomplete sequence \307>, keylen=16, override_fips=0) at
./winpr/libwinpr/crypto/cipher.c:75
ctx = 0x7fffe03310e0
evp = 0x7ffff6f7b240 <r4_cipher>
#2 0x00007ffff1b59ddd in ntlm_rc4k
(length=16, ciphertext=0x7fffe03739c8 "", plaintext=0x7fffe03739a8
"\032N\317P\345\207K\320KX\231\307fb\314\307\032N\317P\345\207K\320KX\231\307fb\314",
<incomplete sequence \307>, key=0x7fffe0373998
"\223\234\376O`\245$\225\223\343\303\370\020\256\225\374\032N\317P\345\207K\320KX\231\307fb\314\307\032N\317P\345\207K\320KX\231\307fb\314",
<incomplete sequence \307>) at ./winpr/libwinpr/sspi/NTLM/ntlm_compute.c:491
rc4 = <optimized out>
status = -2146893052
s = 0x7fffe03723b0
length = <optimized out>
StartOffset = <optimized out>
PayloadOffset = <optimized out>
AvTimestamp = <optimized out>
message = 0x7fffe0373780
context = 0x7fffe0373600
credentials = <optimized out>
input_buffer = <optimized out>
output_buffer = 0x0
channel_bindings = <optimized out>
#3 ntlm_encrypt_random_session_key (context=0x7fffe0373600) at
./winpr/libwinpr/sspi/NTLM/ntlm_compute.c:566
status = -2146893052
s = 0x7fffe03723b0
length = <optimized out>
StartOffset = <optimized out>
PayloadOffset = <optimized out>
AvTimestamp = <optimized out>
message = 0x7fffe0373780
context = 0x7fffe0373600
credentials = <optimized out>
input_buffer = <optimized out>
output_buffer = 0x0
channel_bindings = <optimized out>
#4 ntlm_read_ChallengeMessage (buffer=<optimized out>,
context=0x7fffe0373600) at ./winpr/libwinpr/sspi/NTLM/ntlm_message.c:513
status = -2146893052
s = 0x7fffe03723b0
length = <optimized out>
StartOffset = <optimized out>
PayloadOffset = <optimized out>
AvTimestamp = <optimized out>
message = 0x7fffe0373780
context = 0x7fffe0373600
credentials = <optimized out>
input_buffer = <optimized out>
output_buffer = 0x0
channel_bindings = <optimized out>
#5 ntlm_InitializeSecurityContextW
(phCredential=phCredential@entry=0x7fffe0372e70,
phContext=phContext@entry=0x7fffe0374230, pszTargetName=<optimized out>,
fContextReq=fContextReq@entry=50, Reserved1=Reserved1@entry=0,
TargetDataRep=TargetDataRep--Type <RET> for more, q to quit, c to continue
without paging--c
@entry=16, pInput=<optimized out>, Reserved2=<optimized out>,
phNewContext=<optimized out>, pOutput=<optimized out>, pfContextAttr=<optimized
out>, ptsExpiry=<optimized out>) at ./winpr/libwinpr/sspi/NTLM/ntlm.c:590
context = 0x7fffe0373600
credentials = <optimized out>
input_buffer = <optimized out>
output_buffer = 0x0
channel_bindings = <optimized out>
#6 0x00007ffff1b5ac25 in ntlm_InitializeSecurityContextA
(phCredential=0x7fffe0372e70, phContext=0x7fffe0374230,
pszTargetName=<optimized out>, fContextReq=50, Reserved1=0, TargetDataRep=16,
pInput=0x7fffe0372eb0, Reserved2=0, phNewContext=0x7fffe0374230,
pOutput=0x7fffe0372ec0, pfContextAttr=0x7fffe0372e58, ptsExpiry=0x7fffe0372e80)
at ./winpr/libwinpr/sspi/NTLM/ntlm.c:633
status = <optimized out>
pszTargetNameW = 0x7fffe0373cc0
#7 0x00007ffff1b6543f in winpr_InitializeSecurityContextA
(phCredential=0x7fffe0372e70, phContext=0x7fffe0372e08,
pszTargetName=0x7fffe0385fd0 "TERMSRV/XXX.XXX.XXX.XXX", fContextReq=50,
Reserved1=0, TargetDataRep=16, pInput=0x7fffe0372eb0, Reserved2=0,
phNewContext=0x7fffe0372e08, pOutput=0x7fffe0372ec0,
pfContextAttr=0x7fffe0372e58, ptsExpiry=0x7fffe0372e80) at
./winpr/libwinpr/sspi/sspi_winpr.c:1284
Name = 0x7ffff1b9e684 "Negotiate"
status = <optimized out>
table = 0x7ffff1bd72c0 <NEGOTIATE_SecurityFunctionTableA>
_log_cached_ptr = 0x0
__FUNCTION__ = "winpr_InitializeSecurityContextA"
_log_cached_ptr = 0x0
#8 0x00007ffff1d0301c in nla_client_recv (nla=0x7fffe0372df0) at
./libfreerdp/core/nla.c:557
status = -1
_log_cached_ptr = 0x0
__FUNCTION__ = "nla_recv_pdu"
#9 nla_recv_pdu (nla=0x7fffe0372df0, s=<optimized out>) at
./libfreerdp/core/nla.c:2192
_log_cached_ptr = 0x0
__FUNCTION__ = "nla_recv_pdu"
#10 0x00007ffff1d3be99 in rdp_recv_callback (transport=<optimized out>,
s=0x555555bad760, extra=0x555555e68000) at ./libfreerdp/core/rdp.c:1515
status = 0
rdp = 0x555555e68000
_log_cached_ptr = 0x0
__FUNCTION__ = "rdp_recv_callback"
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
#11 0x00007ffff1d37bbc in transport_check_fds (transport=0x555555b85510) at
./libfreerdp/core/transport.c:1062
status = 221
recv_status = <optimized out>
received = 0x555555bad760
now = <optimized out>
dueDate = 145082998
status = <optimized out>
transport = 0x555555b85510
_log_cached_ptr = 0x0
__FUNCTION__ = "rdp_check_fds"
_log_cached_ptr = 0x0
#12 rdp_check_fds (rdp=0x555555e68000) at ./libfreerdp/core/rdp.c:1722
status = <optimized out>
transport = 0x555555b85510
_log_cached_ptr = 0x0
__FUNCTION__ = "rdp_check_fds"
_log_cached_ptr = 0x0
#13 0x00007ffff1d3054d in rdp_client_connect (rdp=0x555555e68000) at
./libfreerdp/core/connection.c:367
SelectedProtocol = <optimized out>
status = <optimized out>
settings = 0x555555ea9ee0
flags = <optimized out>
timeout = 200
__FUNCTION__ = "rdp_client_connect"
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
#14 0x00007ffff1d1e492 in freerdp_connect (instance=0x555555bfb3f0) at
./libfreerdp/core/freerdp.c:197
status = <optimized out>
e = {e = {Size = 4135161392, Sender = 0x0}, result = 327824}
status2 = 0
rdp = 0x555555e68000
settings = 0x555555ea9ee0
__FUNCTION__ = "freerdp_connect"
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
#15 freerdp_connect (instance=0x555555bfb3f0) at
./libfreerdp/core/freerdp.c:153
__FUNCTION__ = "freerdp_connect"
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
#16 0x00007ffff678d739 in remmina_rdp_main (gp=0x555555ae4a70) at
./plugins/rdp/rdp_plugin.c:2053
value = <optimized out>
rfi = <optimized out>
w = <optimized out>
proxy_password = <optimized out>
root = <optimized out>
gateway_host = 0x7fffe0002900 "\340B"
datapath = <optimized out>
desktopScaleFactor = 0
h = <optimized out>
s = <optimized out>
gateway_port = 32767
i = <optimized out>
desktopOrientation = 0
deviceScaleFactor = 0
proxy_port = <optimized out>
verrev = 0
proxy_username = <optimized out>
sm = <optimized out>
cs = <optimized out>
remminafile = <optimized out>
channels = 0x555555f59760
status = <optimized out>
proxy_hostname = <optimized out>
proxy_type = <optimized out>
vermaj = 2
vermin = 3
orphaned = <optimized out>
gp = 0x555555ae4a70
rfi = 0x555555c8e800
#17 remmina_rdp_main_thread (data=0x555555ae4a70) at
./plugins/rdp/rdp_plugin.c:2258
gp = 0x555555ae4a70
rfi = 0x555555c8e800
#18 0x00007ffff683f927 in start_thread (arg=<optimized out>) at
pthread_create.c:435
ret = <optimized out>
pd = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737152808512,
-5239994127097218978, 140737488346590, 140737488346591, 0, 140737144418304,
5239967739048409182, 5239973476643682398}, mask_was_saved = 0}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
#19 0x00007ffff68cf9e4 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:100
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: remmina 1.4.21+dfsg-1build1
ProcVersionSignature: Ubuntu 5.15.0-13.13-generic 5.15.5
Uname: Linux 5.15.0-13-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu74
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: XFCE
Date: Mon Dec 6 16:45:05 2021
InstallationDate: Installed on 2017-06-13 (1636 days ago)
InstallationMedia: Xubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: remmina
UpgradeStatus: Upgraded to jammy on 2019-12-22 (714 days ago)
modified.conffile..etc.cron.daily.apport: [deleted]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/remmina/+bug/1953389/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
