Bug 486076 - [openconnect] crashes inside libopenconnect: ctx->form->opts->_value not set
Status: REPORTED
Alias: None
Product: plasmashell
Classification: Plasma
Component: Networking in general
Version: master
Platform: Other Linux
Importance: NOR crash
Target Milestone: 1.0
Assignee: Plasma Bugs List
Duplicates: 494082
Reported: 2024-04-24 14:57 UTC by Thiago Macieira
Modified: 2024-12-23 18:23 UTC
Sentry Crash Report: https://crash-reports.kde.org/organizations/kde/issues/69004


Description Thiago Macieira 2024-04-24 14:57:14 UTC
SUMMARY
When connecting to Palo Alto Networks' GlobalProtect, the openconnect plugin causes a crash inside libopenconnect.

STEPS TO REPRODUCE
1. Try to connect to a server that requires OAuth2 authentication (mine is Microsoft's)
2. Disconnect
3. Connect again

This appears to happen more frequently when some credential is already cached.

OBSERVED RESULT
kded6 crashes

EXPECTED RESULT
Connection is successful

SOFTWARE/OS VERSIONS
KDE Plasma Version: 6.0.4
KDE Frameworks Version: 6.10
Qt Version: 6.7.0

ADDITIONAL INFORMATION
Backtrace:
#3  0x00007f0ee2441240 in <signal handler called> () at /lib64/libc.so.6
#4  0x00007f0ee257ff6c in __strlen_evex () at /lib64/libc.so.6
#5  0x00007f0ee24aa762 in strdup () at /lib64/libc.so.6
#6  0x00007f0ebd7bf319 in gpst_login (vpninfo=vpninfo@entry=0x556d4431ef00, portal=portal@entry=1, ctx=ctx@entry=0x7f0e83dffbd0)
    at /usr/src/debug/openconnect-9.12/auth-globalprotect.c:728
#7  0x00007f0ebd7bf576 in gpst_obtain_cookie (vpninfo=0x556d4431ef00) at /usr/src/debug/openconnect-9.12/auth-globalprotect.c:778
#8  0x00007f0ebe0bf870 in OpenconnectAuthWorkerThread::run() (this=0x556d4415dc30)
    at /usr/src/debug/plasma-nm-6.0.4/vpn/openconnect/openconnectauthworkerthread.cpp:125
#9  0x00007f0ee2edc1b8 in  () at /lib64/glibc-hwcaps/x86-64-v4/libQt6Core.so.6.7.0
#10 0x00007f0ee2492bb2 in start_thread () at /lib64/libc.so.6
#11 0x00007f0ee251400c in clone3 () at /lib64/libc.so.6

In frame 6, line 728 <https://gitlab.com/openconnect/openconnect/-/blob/v9.12/auth-globalprotect.c?ref_type=tags#L728> is:
			if (!ctx->username)
				ctx->username = strdup(ctx->form->opts->_value);

(gdb) p ctx->form->opts->_value
$6 = 0x0

I can't tell if this is a libopenconnect bug or not. The code in libopenconnect is hard to debug as it drives the functionality and only calls back into the plugin for the web display. However, my colleagues using the GNOME counterpart don't have this issue and this only appears to happen when there's some cookie stored in kded, so I believe the bug is somehow in the plugin.
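
The failure in frame 6 is `strdup()` being handed a NULL `_value`, which faults inside `strlen()`. The following is an added example, not part of the original report and not openconnect's or plasma-nm's code: it reproduces that shape with simplified, hypothetical stand-in structures and shows a guard that turns the empty field into an error return the caller can handle. The names `form_opt`, `auth_form`, `login_ctx` and `remember_username` are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strdup() under strict -std=c11 */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the form structures (hypothetical layout,
 * not the openconnect definitions). */
struct form_opt {
    struct form_opt *next;
    const char *name;
    char *_value;               /* NULL until something fills the field in */
};
struct auth_form { struct form_opt *opts; };
struct login_ctx { struct auth_form *form; char *username; };

/* Cache the username from the first form field.
 * Returns 0 on success, -EINVAL if the form carries no value to copy
 * (the state seen in gdb), -ENOMEM if the copy cannot be allocated. */
int remember_username(struct login_ctx *ctx)
{
    if (ctx->username)
        return 0;               /* already cached from an earlier pass */
    if (!ctx->form || !ctx->form->opts || !ctx->form->opts->_value)
        return -EINVAL;         /* strdup(NULL) would fault in strlen() */
    ctx->username = strdup(ctx->form->opts->_value);
    return ctx->username ? 0 : -ENOMEM;
}

int main(void)
{
    struct form_opt user = { NULL, "user", NULL };   /* constructed input */
    struct auth_form form = { &user };
    struct login_ctx ctx = { &form, NULL };
    char typed[] = "alice";                          /* constructed input */

    printf("empty field:  %d\n", remember_username(&ctx));
    user._value = typed;
    int rc = remember_username(&ctx);
    printf("filled field: %d (%s)\n", rc, ctx.username);
    free(ctx.username);
    return 0;
}
```
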
Comment 1 Thiago Macieira 2024-09-30 17:05:14 UTC
I haven't seen this crash in months, probably coinciding with the 6.1 update.
Comment 2 Nicolas Fella 2024-10-04 13:21:14 UTC
*** Bug 494082 has been marked as a duplicate of this bug. ***
Comment 3 Nicolas Fella 2024-10-04 13:22:36 UTC
We still have reports from 6.1, so doesn't seem fixed on our side at least
Comment 4 Thiago Macieira 2024-10-04 14:42:22 UTC
(In reply to Nicolas Fella from comment #3)
> We still have reports from 6.1, so doesn't seem fixed on our side at least

That would match my not seeing any changes to the source code that could explain it. What probably happened is that the server side changed. I know we had to upgrade the PANGP server software due to other bugs that Palo Alto fixed and we had been running into.
Comment 5 Ben Cooksley 2024-12-23 18:23:36 UTC
Bulk transfer as requested in T17796