[qca] [Bug 495969] New: kdeconnect dumps core due to QCA unconditionally using EVP_sha1()

Taketo Kabe bugzilla_noreply at kde.org
Fri Nov 8 13:59:28 GMT 2024 

https://bugs.kde.org/show_bug.cgi?id=495969

            Bug ID: 495969
           Summary: kdeconnect dumps core due to QCA unconditionally using
                    EVP_sha1()
    Classification: Frameworks and Libraries
           Product: qca
           Version: 2.3.6
          Platform: RedHat Enterprise Linux
                OS: Linux
            Status: REPORTED
          Severity: major
          Priority: NOR
         Component: general
          Assignee: unassigned-bugs at kde.org
          Reporter: dkabe at vega.pgw.jp
                CC: aacid at kde.org, bradh at frogmouth.net,
                    justin at karneges.com
  Target Milestone: ---

Created attachment 175649
  --> https://bugs.kde.org/attachment.cgi?id=175649&action=edit
Patch to use EVP_sha256() instead of EVP_sha1(), if available

SUMMARY
kdeconnect uses QCA to generate a self-signed certificate.
But it could not generate a proper X509 certificate by using EVP_sha1(),
but RHEL 9 family disables SHA-1 system-wide.
This causes X509 certificate lacking a signature, 
could not write a proper PEM to ~/.config/kdeconnect/certificate.pem,
and dumps core.

STEPS TO REPRODUCE
1.  pkill kdeconnectd
2. QT_LOGGING_RULES='kdeconnect.core.debug=true' /usr/libexec/kdeconnectd

OBSERVED RESULT
$ QT_LOGGING_RULES="kdeconnect.core.debug=true" /usr/libexec/kdeconnectd
kdeconnect.core: Daemon starting
kdeconnect.core: Certificate from
"/home/kabe/.config/kdeconnect/certificate.pem" is not valid
kdeconnect.core: Generating certificate
kdeconnect.core: My id: "_22bbbb44_27a2_4e53_a567_084181656731_"
kdeconnect.daemon: "KDE Connect" : "Could not store certificate file:
/home/kabe/.config/kdeconnect/certificate.pem"
kdeconnect.core: LanLinkProvider started
kdeconnect.core: Daemon started
kdeconnect.core: Broadcasting identity packet
Segmentation fault (core dumped)

EXPECTED RESULT
kdeconnectd continues to run


SOFTWARE/OS VERSIONS
Linux/KDE Plasma: kernel-5.14.0-427.16.1.el9_4 
KDE Plasma Version: plasma-workspace-common-5.27.11-1
KDE Frameworks Version: kf5-filesystem-5.115.0
Qt Version: qt5-qtbase-5.15.9

ADDITIONAL INFORMATION
The attached patch seems to fix this.

Problem is obseved on QCA 2.3.6, but git version still seems to have the
problem.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Unassigned-bugs mailing list