Commit Graph

21 Commits

Author SHA1 Message Date
sanhex
d33bd8deff GUACAMOLE-384: fixing segfault during ssh disconnect
Root Cause:
See the core dump and Valgrind report posted on Jira. guacd was reading a ssh terminal which had been freed. When a ssh connection is terminated, guac_ssh_client_free_handler() will be called from guacd_exec_proc() -> guac_client_free() with pointer client->free_handler. In guac_ssh_client_free_handler(), when ssh_client->term is freed, ssh_client->client_thread may still be using the ssh_client->term. It causes the crash reported in this bug.

The stack trace exposing the problem can be found by running guacd under Valgrind with a ssh test script. The test script repeats doing ssh login and logout for 5000 times.

Solution:
In guac_ssh_client_free_handler(), before calling guac_terminal_free(ssh_client->term), close the stdin pipe of the terminal to stop reading the pipe with guac_terminal_read_stdin() in ssh_input_thread(). So that ssh_input_thread() can be terminated in this case. Call pthread_join() to wait for ssh_client_thread() terminating before freeing the terminal.

Add a new function guac_terminal_stop() to close the pipe and set the fds to invalid (-1). Call it in guac_ssh_client_free_handler() and guac_terminal_free().

Checking the client running state in ssh_input_thread() and ssh_client_thread() to make sure they can be terminated when the client is stopped in guacd_exec_proc() by another thread.

Test:
- Confirmed ssh connection works normally.
- Observed the child process of guacd exits when ssh connection is terminated.
- Reran the ssh test script. Observed no crash.
2017-10-29 18:11:15 -07:00
sanhex
3c7a09f52b GUACAMOLE-400: Fix guacd crash when ssh key fails
Root Cause:
In the ssh library of guacd, function ssh_client_thread(), when guac_ssh_get_user() fails to load private key for ssh authentication, it will return NULL. In this case, the subsequent call to guac_common_ssh_create_session() with parameter 'user=0x0' will cause guacd crash in function guac_common_ssh_authenticate() by accessing 'user->username'.

Solution:
- Update the comment of function guac_ssh_get_user() to document that NULL will be returned if fails to import key for the user.
- In function ssh_client_thread(), verify the return of guac_ssh_get_user(). If ssh_client->user is NULL, return NULL.

Test:
- Configured a ssh app with an encrypted private key and a wrong passphrase.
- Ran the ssh app from web portal and observed guacd crash.
- Applied the fix and reran the ssh app. Observed no crash.
2017-09-29 11:04:48 -07:00
Michael Jumper
d51e92eb31 GUACAMOLE-303: Add "sftp-root-directory" parameter to VNC, RDP, and SSH. 2017-06-29 15:48:23 -07:00
Michael Jumper
0474f86c46 GUACAMOLE-303: Extend common SFTP filesystem such that arbitrary directories can be used as the root of the filesystem. 2017-06-29 15:36:10 -07:00
Nick Couchman
041fcc4651 GUACAMOLE-203: Change remaining instances of timer to timeout. 2017-06-25 05:13:22 -04:00
Nick Couchman
8c24c77d55 GUACAMOLE-203: Change timer to timeout 2017-06-14 13:00:30 -04:00
Nick Couchman
070bd25721 GUACAMOLE-203: if statement style tweak 2017-06-14 08:27:09 -04:00
Nick Couchman
e7fc8a0d98 GUACAMOLE-203: Expand SSH keepalives to cover SFTP connections for other protocols. 2017-05-31 21:03:09 -04:00
Nick Couchman
9993684205 GUACAMOLE-203: Warn user if they try to enter keepalive value < 2 seconds. 2017-05-31 21:03:06 -04:00
Nick Couchman
f693b02e12 GUACAMOLE-203: Tighten up code, implement constant for socket poll timer. 2017-05-31 21:02:59 -04:00
Nick Couchman
75019f5e4b GUACAMOLE-203: Add a few more comments to code. 2017-05-31 21:02:53 -04:00
Nick Couchman
8ab7e56972 GUACAMOLE-203: Implement keepalive config in SSH connection. 2017-05-31 21:02:50 -04:00
Michael Jumper
3f7ccb6b9a GUACAMOLE-169: Move terminal headers to namespaced directory. 2017-02-27 14:34:46 -08:00
Michael Jumper
d371f2d9ee GUACAMOLE-169: Move common-ssh headers to namespaced directory. 2017-02-27 14:28:23 -08:00
Michael Jumper
eee928548d GUACAMOLE-169: Use proper namespace for internal common headers. 2017-01-23 23:26:26 -08:00
Michael Jumper
e5b3af8ffe GUACAMOLE-86: Remove terminal emulator's STDOUT pipe. Use pthread_cond_t to signal modification. 2017-01-16 00:02:30 -08:00
Michael Jumper
2421fc2f11 GUACAMOLE-118: Use poll() when waiting for data from SSH. 2016-11-11 13:16:57 -08:00
Michael Jumper
a64c3e0179 GUACAMOLE-34: Ensure guac_client_stop() or guac_client_abort() are called in ALL cases where the client thread terminates. 2016-05-23 13:58:01 -07:00
Michael Jumper
4da3bef4ec GUACAMOLE-1: Relicense C files. 2016-03-28 20:39:19 -07:00
Michael Jumper
6fc208554d GUAC-236: Add session recording parameters to VNC, RDP, and SSH. 2016-03-14 20:22:02 -07:00
Michael Jumper
075b7ffba9 GUAC-1389: Add screen sharing support to SSH. 2016-03-14 17:33:17 -07:00