Bug 408137 - QCA::TLS handshaken is emitted with a broken certificate instance leading to a crash
Status: RESOLVED WORKSFORME
Alias: None
Product: qca
Classification: Frameworks and Libraries
Component: general
Version: unspecified
Platform: Other Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Ivan Romanov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-31 08:42 UTC by Sergey
Modified: 2020-09-01 16:57 UTC (History)
CC List: 3 users

See Also:
Latest Commit:
Version Fixed In:


Description Sergey 2019-05-31 08:42:53 UTC
The above was noticed with the Psi instant messenger on wakeup from sleep.
On handshaken() it tries to call tls->peerCertificateChain().primary();
It crashes in the copy constructor of QCA::Certificate.

#6  0x00007f29cb340af9 in QCA::Algorithm::operator=(QCA::Algorithm const&) () from /usr/lib/libqca-qt5.so.2
#7  0x00007f29cb341d35 in QCA::Algorithm::Algorithm(QCA::Algorithm const&) () from /usr/lib/libqca-qt5.so.2
#8  0x00007f29cb32f502 in QCA::Certificate::Certificate(QCA::Certificate const&) () from /usr/lib/libqca-qt5.so.2
#9  0x00005630b910b153 in CertificateHelpers::checkCertificate(QCA::TLS*, XMPP::QCATLSHandler*, QString&, QByteArray&, QObject*, QString const&, QString const&) ()
#10 0x00005630b8d42f62 in PsiAccount::tls_handshaken() ()
#11 0x00005630b8c8ca07 in ?? ()
#12 0x00007f29c33981d7 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5
#13 0x00007f29c33981d7 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5
#14 0x00007f29cb372522 in QCA::TLS::Private::processNextAction() () from /usr/lib/libqca-qt5.so.2
#15 0x00007f29cb36c776 in ?? () from /usr/lib/libqca-qt5.so.2
#16 0x00007f29c33981d7 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5
#17 0x00007f29c3398a3b in QObject::event(QEvent*) () from /usr/lib/libQt5Core.so.5
#18 0x00007f29c3898da4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#19 0x00007f29c38a03c1 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#20 0x00007f29c336d849 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#21 0x00007f29c33c1d15 in QTimerInfoList::activateTimers() () from /usr/lib/libQt5Core.so.5

Assuming the certificate chain can't be empty in this case, it's likely the chain has a certificate with some dangling pointers.
Note that Psi handles this in the same thread and there is no Qt::QueuedConnection (it's visible from the stack above).

I currently can't provide more details except that it happened on Manjaro Linux 18.0.4.
Comment 1 Sergey 2020-09-01 16:57:30 UTC
Well, since I took maintainership of the QCA fork, I tried to review it myself. But all the code looks pretty valid to me.
Moreover, the original reporter told me it didn't crash for him for a while. And the same for me.

So likely it's neither a QCA nor a Psi problem. It's something else.
I'm closing this issue since there is nothing more to investigate, and it's better to have a coredump from a debug version next time.