Bug#934897: rdesktop: 1.8.6 crashes after login in Windows XP, rdp_recv(), unexpected stream overrun, 1.8.4 works


Ondrej Zary-4
Package: rdesktop
Version: 1.8.6-2~deb9u1
Severity: important

Dear Maintainer,
since upgrading rdesktop to 1.8.6, it does not work properly when connecting to a Windows XP system.
Windows login screen appears but rdesktop crashes immediately after entering correct username and password:
$ rdesktop 1.2.3.4
Autoselected keyboard map en-us
WARNING: Remote desktop does not support colour depth 24; falling back to 16
ERROR: rdp.c:140: rdp_recv(), unexpected stream overrun
0000 03 00 00 1e 02 f0 80 68 00 01 03 eb 70 10 08 00 .......h....p...
0010 10 00 bc 7f e1 25 37 a6 63 72 04 00 16 00       .....%7.cr....



-- System Information:
Debian Release: 9.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable'), (10, 'testing')
Architecture: i386 (i686)

Kernel: Linux 4.9.0-9-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages rdesktop depends on:
ii  libasound2    1.1.3-5
ii  libc6         2.24-11+deb9u4
ii  libgssglue1   0.4-2
ii  libpcsclite1  1.8.20-1
ii  libssl1.1     1.1.0k-1~deb9u1
ii  libx11-6      2:1.6.4-3+deb9u1
ii  libxrandr2    2:1.5.1-1

rdesktop recommends no packages.

Versions of packages rdesktop suggests:
ii  pcscd  1.8.20-1

-- debconf-show failed

Bug#934897: rdesktop: 1.8.6 crashes after login in Windows XP, rdp_recv(), unexpected stream overrun, 1.8.4 works

Bernhard Übelacker-3
Control: tags -1 + upstream


Dear Maintainer,
I tried to get some information about this issue.

The error is given within this backtrace [1].

This is also present in the upstream git 1.8.x branch.

A git bisect points to upstream commit 82fce18.
However, that commit seems to just add some checks to
not overrun some receive buffers. So it looks like
that overrun has been included for a longer time but
was not detected.

Therefore, might it be that Windows XP just sends
packets with this byte less?
The attached patch checks if the end of the receive buffer
is already reached and only if not "extracts" the
"userid", which is not used at all later (as far as I see).
A package with this patch seemed to work as intended,
but maybe upstream can confirm this patch.

Upstream master seems to have moved some logic
in 1a82d41, so the line in question now looks like
it is requesting two bytes as "pduSource".

There is upstream issue [2] that seems to be about this issue.
It got closed because of unreproducibility, I am going to
comment there and point to this information.

Kind regards,
Bernhard


[1]
(gdb) bt
#0  _rdp_protocol_error (file=0x4517d8 "rdp.c", line=140, func=0x452068 <__func__.19872> "rdp_recv", message=0x450373 "unexpected stream overrun", s=0x474ba0 <g_in>) at rdp.c:1870
#1  0x004285f9 in rdp_recv (type=type@entry=0xbffff023 "") at rdp.c:140
#2  0x00428c72 in rdp_loop (deactivated=<optimized out>, ext_disc_reason=<optimized out>) at rdp.c:1777
#3  0x0042c157 in rdp_main_loop (deactivated=0xbffff128, ext_disc_reason=0xbffff12c) at rdp.c:1758
#4  0x004066a8 in main (argc=<optimized out>, argv=<optimized out>) at rdesktop.c:1191


[2] https://github.com/rdesktop/rdesktop/issues/342

Attachments: debugging.txt (17K), ignore-userid.diff (424 bytes)
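
The check discussed in this message, as an added example (not rdesktop's code and not the attached patch): a bounds-checked parser that reads the length and type fields and treats the following two-byte source/userid field as optional. It assumes the last four bytes of the reporter's hex dump (04 00 16 00) are the header rdp_recv() was parsing; the struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bounds-checked cursor; a stand-in for rdesktop's stream type, not its API. */
struct rd { const uint8_t *p, *end; };
struct share_ctrl { uint16_t length, type, source; int has_source; };

static int rd_u16le(struct rd *s, uint16_t *v) {
    if (s->end - s->p < 2)
        return -1; /* reading would overrun the buffer */
    *v = (uint16_t)(s->p[0] | (s->p[1] << 8));
    s->p += 2;
    return 0;
}

/* Strict: always consumes length, type and the 2-byte source (userid) field. */
int parse_strict(const uint8_t *buf, size_t n, struct share_ctrl *h) {
    struct rd s = { buf, buf + n };
    if (rd_u16le(&s, &h->length) || rd_u16le(&s, &h->type) ||
        rd_u16le(&s, &h->source))
        return -1;
    h->has_source = 1;
    return 0;
}

/* Tolerant: the source field is read only when bytes remain after the type. */
int parse_tolerant(const uint8_t *buf, size_t n, struct share_ctrl *h) {
    struct rd s = { buf, buf + n };
    h->source = 0; h->has_source = 0;
    if (rd_u16le(&s, &h->length) || rd_u16le(&s, &h->type))
        return -1;
    if (s.p == s.end)
        return 0; /* short header: nothing left to skip */
    if (rd_u16le(&s, &h->source))
        return -1; /* a single stray byte is still a truncated field */
    h->has_source = 1;
    return 0;
}

/* Last four bytes of the hex dump in the original report. */
static const uint8_t xp_tail[] = { 0x04, 0x00, 0x16, 0x00 };

int main(void) {
    struct share_ctrl h;
    int strict = parse_strict(xp_tail, sizeof xp_tail, &h);
    int tolerant = parse_tolerant(xp_tail, sizeof xp_tail, &h);
    printf("strict=%d tolerant=%d length=%u type=%u has_source=%d\n",
           strict, tolerant, h.length, h.type & 0xf, h.has_source);
    return 0;
}
```

The tolerant variant keeps the overrun check for every field it does read, so a header cut off in the middle of a field is still rejected.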
Bug#934897: rdesktop: 1.8.6 crashes after login in Windows XP, rdp_recv(), unexpected stream overrun, 1.8.4 works

Bernhard Übelacker-3
Dear Maintainer,
upstream issue [1] got closed with commit [2] in the master branch,
and should be contained in the upcoming release 1.9.0.

Unfortunately I guess the upstream 1.8.x branch will not
get an update for this, so either the patch in my previous
mail should work, or the change proposed in pull request [3].

Kind regards,
Bernhard

[1] https://github.com/rdesktop/rdesktop/issues/342
[2] https://github.com/rdesktop/rdesktop/commit/a646a5cce2ece3acc07ccead1e5f971cacc0db81
[3] https://github.com/rdesktop/rdesktop/pull/346/commits