[qca] [Bug 482819] kwalletd6 sometimes crashed in QCA::PrivateKey::deriveKey when starting Proton VPN GUI

Matt Fagnani bugzilla_noreply at kde.org
Sun Mar 24 13:18:31 GMT 2024


https://bugs.kde.org/show_bug.cgi?id=482819

--- Comment #6 from Matt Fagnani <matt.fagnani at bell.net> ---
I used kwalletmanager to export my wallet in encrypted form, then I deleted my
wallet. I created a new wallet when I started Proton VPN GUI and logged in.
kwalletd6 crashed each time when logging in to the Proton VPN server with the
same trace. An error message was shown by the Proton VPN GUI which wasn't shown
before, and the Proton VPN GUI didn't crash. So the problem didn't seem to be
something old about my wallet specifically. 

I ran the GNOME Keyring GUI program seahorse (Passwords and Keys) in Plasma
6.0.2, and kwalletd6 crashed with what looked like the same type of trace. The
problem appeared to be when deriving a private key during a Diffie-Hellman key
exchange.

Core was generated by `/usr/bin/kwalletd6 --pam-login 13 14'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f53b93811dc in QCA::PrivateKey::deriveKey
(this=this@entry=0x7ffecdfbcc90, theirs=...)
    at /usr/src/debug/qca-2.3.8-1.fc40.x86_64/src/qca_publickey.cpp:1030
1030        return static_cast<PKeyContext *>(context())->key()->deriveKey(*(theirContext->key()));
[Current thread is 1 (Thread 0x7f53b96a79c0 (LWP 1591))]
(gdb) bt
#0  0x00007f53b93811dc in QCA::PrivateKey::deriveKey
(this=this@entry=0x7ffecdfbcc90, theirs=...)
    at /usr/src/debug/qca-2.3.8-1.fc40.x86_64/src/qca_publickey.cpp:1030
#1  0x000055629a2db992 in
KWalletFreedesktopService::createSessionAlgorithmDhAes (this=0x7f53a000a320,
clientKey=...)
    at
/usr/src/debug/kf6-kwallet-6.0.0-1.fc40.x86_64/src/runtime/kwalletd/kwalletfreedesktopservice.cpp:424
#2  KWalletFreedesktopService::OpenSession
    (this=0x7f53a000a320, algorithm=<optimized out>, input=<optimized out>,
result=...)
    at
/usr/src/debug/kf6-kwallet-6.0.0-1.fc40.x86_64/src/runtime/kwalletd/kwalletfreedesktopservice.cpp:266
#3  0x000055629a300f43 in KWalletFreedesktopServiceAdaptor::OpenSession
    (this=0x55629c5681b0, algorithm=<optimized out>, input=<optimized out>,
result=<optimized out>)
    at
/usr/src/debug/kf6-kwallet-6.0.0-1.fc40.x86_64/redhat-linux-build/src/runtime/kwalletd/kwalletfreedesktopserviceadaptor.cpp:63
#4  KWalletFreedesktopServiceAdaptor::qt_static_metacall
    (_o=0x55629c5681b0, _c=<optimized out>, _id=<optimized out>,
_a=0x7ffecdfbcfc8)
    at
/usr/src/debug/kf6-kwallet-6.0.0-1.fc40.x86_64/redhat-linux-build/src/runtime/kwalletd/moc_kwalletfreedesktopserviceadaptor.cpp:410
#5  0x000055629a301254 in KWalletFreedesktopServiceAdaptor::qt_metacall
    (this=0x55629c5681b0, _c=QMetaObject::InvokeMetaMethod, _id=6,
_a=0x7ffecdfbcfc8)
    at
/usr/src/debug/kf6-kwallet-6.0.0-1.fc40.x86_64/redhat-linux-build/src/runtime/kwalletd/moc_kwalletfreedesktopserviceadaptor.cpp:489
#6  0x00007f53b897bb11 in QDBusConnectionPrivate::deliverCall
    (this=this@entry=0x7f53a0001690, object=object@entry=0x55629c5681b0,
msg=..., metaTypes=..., slotIdx=11)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/dbus/qdbusintegrator.cpp:977
#7  0x00007f53b897f675 in QDBusConnectionPrivate::activateCall
    (this=this@entry=0x7f53a0001690, object=0x55629c5681b0,
flags=flags@entry=273, msg=...)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/dbus/qdbusintegrator.cpp:879
#8  0x00007f53b89802c6 in QDBusConnectionPrivate::activateCall
    (this=0x7f53a0001690, object=<optimized out>, flags=273, msg=...)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/dbus/qdbusintegrator.cpp:825
--Type <RET> for more, q to quit, c to continue without paging--c
#9  QDBusConnectionPrivate::activateObject (this=0x7f53a0001690, node=...,
msg=..., pathStartPos=<optimized out>)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/dbus/qdbusintegrator.cpp:1460
#10 0x00007f53b898295a in QDBusActivateObjectEvent::placeMetaCall
(this=0x7f53a00043c0)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/dbus/qdbusintegrator.cpp:1580
#11 0x00007f53b77e25a5 in QObject::event (this=0x7f53a000a320,
e=0x7f53a00043c0)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/corelib/kernel/qobject.cpp:1437
#12 0x00007f53b8b87f68 in QApplicationPrivate::notify_helper
    (this=<optimized out>, receiver=0x7f53a000a320, e=0x7f53a00043c0)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/widgets/kernel/qapplication.cpp:3296
#13 0x00007f53b778f218 in QCoreApplication::notifyInternal2
(receiver=0x7f53a000a320, event=0x7f53a00043c0)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1121
#14 0x00007f53b778f42d in QCoreApplication::sendEvent (receiver=<optimized
out>, event=<optimized out>)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1539
#15 0x00007f53b7793147 in QCoreApplicationPrivate::sendPostedEvents
(receiver=0x0, event_type=0, data=0x55629c210390)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1901
#16 0x00007f53b779340d in QCoreApplication::sendPostedEvents
(receiver=<optimized out>, event_type=<optimized out>)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/corelib/kernel/qcoreapplication.cpp:1760
#17 0x00007f53b7a6751f in postEventSourceDispatch (s=0x55629c212450)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:243
#18 0x00007f53b6e9668c in g_main_context_dispatch_unlocked.lto_priv () at
/lib64/libglib-2.0.so.0
#19 0x00007f53b6ef7788 in g_main_context_iterate_unlocked.isra () at
/lib64/libglib-2.0.so.0
#20 0x00007f53b6e97b03 in g_main_context_iteration () at
/lib64/libglib-2.0.so.0
#21 0x00007f53b7a66de3 in QEventDispatcherGlib::processEvents
(this=0x55629c22a0d0, flags=...)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:393
#22 0x00007f53b779c053 in QEventLoop::exec (this=this@entry=0x7ffecdfbd8a0,
flags=..., flags@entry=...)
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/corelib/global/qflags.h:34
#23 0x00007f53b7797ffc in QCoreApplication::exec ()
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/corelib/global/qflags.h:74
#24 0x00007f53b7fd37cd in QGuiApplication::exec ()
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/gui/kernel/qguiapplication.cpp:1925
#25 0x00007f53b8b87ed9 in QApplication::exec ()
    at
/usr/src/debug/qt6-qtbase-6.6.2-6.fc40.x86_64/src/widgets/kernel/qapplication.cpp:2574
#26 0x000055629a2c1d95 in main (argc=<optimized out>, argv=<optimized out>)
    at
/usr/src/debug/kf6-kwallet-6.0.0-1.fc40.x86_64/src/runtime/kwalletd/main.cpp:221

The variables this and theirs in QCA::PrivateKey::deriveKey had the same
possible problems with their d pointers that I mentioned in comment 3.

(gdb) p this
$1 = (QCA::PrivateKey * const) 0x7ffecdfbcc90
(gdb) p *this
$2 = {<QCA::PKey> = {<QCA::Algorithm> = {_vptr.Algorithm = 0x7f53b93ed598
<vtable for QCA::PrivateKey+16>, d = {
        d = 0x0}}, d = 0x55629c5a72f0}, d = 0x91691df82edcec00}
(gdb) p theirs
$3 = (const QCA::PublicKey &) @0x7ffecdfbccd0: {<QCA::PKey> = {<QCA::Algorithm>
= {
      _vptr.Algorithm = 0x7f53b93ec880 <vtable for QCA::DHPublicKey+16>, d = {d
= 0x55629c554730}}, 
    d = 0x55629c59ab90}, d = 0x75}

The Proton VPN GUI and seahorse are both GTK programs using the Secret Service
interface.

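An added illustration, not part of the original comment and not code from QCA or kwallet: the statement at qca_publickey.cpp:1030 dereferences the key contexts on both sides of the exchange without a check, and the gdb print above shows an inner d = 0x0 on the private key. The sketch below uses hypothetical stand-in types (Key, KeyImpl) and a toy group, assumes a null context is what faulted, and adds a peer-value range check that goes beyond what the report covers.

```cpp
#include <cstdint>
#include <cstdio>
#include <memory>
#include <optional>

// Hypothetical stand-ins for a provider-backed key object; not QCA's classes.
struct KeyImpl { std::uint64_t value; };      // toy key material
struct Key {
    std::shared_ptr<KeyImpl> ctx;             // null if the provider produced no key
    bool isNull() const { return !ctx; }
};

// Toy group (p = 2^31 - 1, g = 7) so the arithmetic fits in 64 bits. Not secure.
constexpr std::uint64_t P = 2147483647ULL, G = 7;

static std::uint64_t powmod(std::uint64_t b, std::uint64_t e, std::uint64_t m) {
    std::uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

Key make_private(std::uint64_t secret) {
    return Key{std::make_shared<KeyImpl>(KeyImpl{secret})};
}
Key make_public(const Key& priv) {
    return Key{std::make_shared<KeyImpl>(KeyImpl{powmod(G, priv.ctx->value, P)})};
}

// Same shape as the faulting statement: both contexts are dereferenced
// unconditionally, so a null context on either side is a null-pointer dereference.
std::uint64_t derive_unchecked(const Key& mine, const Key& theirs) {
    return powmod(theirs.ctx->value, mine.ctx->value, P);
}

// Guarded form: reject the session instead of touching a null context, and
// refuse degenerate peer values (0, 1, p-1) that force a predictable secret.
std::optional<std::uint64_t> derive_checked(const Key& mine, const Key& theirs) {
    if (mine.isNull() || theirs.isNull()) return std::nullopt;
    const std::uint64_t y = theirs.ctx->value;
    if (y < 2 || y > P - 2) return std::nullopt;
    return powmod(y, mine.ctx->value, P);
}

int main() {
    Key service = make_private(123456), client = make_private(654321);  // constructed
    auto ok = derive_checked(service, make_public(client));
    auto bad = derive_checked(Key{}, make_public(client));   // service key missing
    std::printf("valid: %d, null key rejected: %d\n", ok.has_value(), !bad.has_value());
    return 0;
}
```

With a guard like this in a D-Bus-exposed session method, a failed key generation or a malformed client key becomes an error reply to the caller instead of a crash of the wallet daemon.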