Seg fault on connection attempt

[stevemolloy]

I have been a happy profanity user for some time now, but in the last week or so I am unable to use it due to a seg fault after providing the password.

Expected Behavior

1. Start profanity
2. Profanity initiates the connection with the server and asks me for a password
3. I provide the password
4. Start chatting to my buddies

Current Behavior

1. Start profanity
2. Profanity initiates the connection with the server and asks me for a password
3. I provide the password
4. Seg fault

This happens no matter if the password is correct or not.

Log file

Some details removed for privacy reasons.

2024-04-10T12:11:31.398716+02: prof: INF: Starting Profanity (0.14.0)…
2024-04-10T12:11:31.398805+02: prof: INF: Initialising chat logs
2024-04-10T12:11:31.398810+02: prof: INF: Initialising groupchat logs
2024-04-10T12:11:31.398814+02: prof: INF: Loading accounts
2024-04-10T12:11:31.398941+02: prof: INF: Initialising UI
2024-04-10T12:11:31.404928+02: prof: INF: Initialising XMPP
2024-04-10T12:11:31.406658+02: prof: INF: Loading capabilities cache
2024-04-10T12:11:31.406774+02: prof: INF: Initialising commands
2024-04-10T12:11:31.410998+02: prof: INF: Initialising contact list
2024-04-10T12:11:31.411008+02: prof: INF: Loading TLS certificates
2024-04-10T12:11:31.411036+02: prof: INF: Initialising OTR
2024-04-10T12:11:31.411108+02: prof: DBG: GPG: Found gpgme version: 1.23.2
2024-04-10T12:11:31.441777+02: prof: INF: [OMEMO] initialising
2024-04-10T12:11:31.460152+02: prof: DBG: Resizing UI
2024-04-10T12:11:31.461770+02: prof: DBG: Input received: /connect *******@jabber.myserver.url
2024-04-10T12:11:35.539542+02: prof: INF: Connecting using account: *******@jabber.myserver.url
2024-04-10T12:11:35.539828+02: prof: INF: Connecting as *******@jabber.myserver.url/profanity.qzcH
2024-04-10T12:11:35.539954+02: prof: DBG: Connecting with flags (0x2):
2024-04-10T12:11:35.539982+02: prof: DBG:   XMPP_CONN_FLAG_MANDATORY_TLS
2024-04-10T12:11:35.569773+02: sock: DBG: SRV lookup failed, connecting via domain.
2024-04-10T12:11:35.578091+02: sock: DBG: Connecting to jabber.myserver.url:5222 via xxx.xxx.xxx.xxx
2024-04-10T12:11:35.578281+02: sock: DBG: sock_connect() result 7
2024-04-10T12:11:35.578880+02: prof: INF: Starting main event loop
2024-04-10T12:11:35.579868+02: xmpp: DBG: connection successful
2024-04-10T12:11:35.580483+02: conn: DBG: SENT: <?xml version="1.0"?><stream:stream to="jabber.myserver.url" xml:lang="en" version="1.0" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams">
2024-04-10T12:11:35.586685+02: xmpp: DBG: RECV: <stream:stream from="jabber.myserver.url" id="********" lang="en" version="1.0">
2024-04-10T12:11:35.588166+02: xmpp: DBG: RECV: <features xmlns="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>GSSAPI</mechanism><mechanism>NTLM</mechanism></mechanisms></features>
2024-04-10T12:11:35.605818+02: conn: DBG: SENT: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
2024-04-10T12:11:35.611093+02: xmpp: DBG: RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
2024-04-10T12:11:35.611202+02: xmpp: DBG: handle proceedtls called for proceed
2024-04-10T12:11:35.611210+02: xmpp: DBG: proceeding with TLS
2024-04-10T12:11:35.626353+02: tls: DBG: Certificate verification passed
2024-04-10T12:11:35.626557+02: tls: DBG: Certificate was not presented by peer
2024-04-10T12:11:35.626574+02: tls: DBG: error=SSL_ERROR_SSL(1) errno=0 lasterror=0
2024-04-10T12:11:35.626597+02: tls: DBG: error:0A000410:SSL routines::ssl/tls alert handshake failure
2024-04-10T12:11:35.628694+02: conn: DBG: Couldn't start TLS! error -3 tls_error 1

Environment

$ profanity -v
Profanity, version 0.14.0
Copyright (C) 2012 - 2019 James Booth <[email protected]>.
Copyright (C) 2019 - 2023 Michael Vetter <[email protected]>.
License GPLv3+: GNU GPL version 3 or later <https://www.gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Build information:
XMPP library: libstrophe
Desktop notification support: Enabled
OTR support: Enabled (libotr 4.1.1)
PGP support: Enabled (libgpgme 1.23.2)
OMEMO support: Enabled
C plugins: Enabled
Python plugins: Enabled (3.11.8)
GTK icons/clipboard: Disabled
GDK Pixbuf: Enabled

I'm using Arch linux, and Profanity was installed using pacman.

[jubalh]

2024-04-10T12:11:35.626574+02: tls: DBG: error=SSL_ERROR_SSL(1) errno=0 lasterror=0
2024-04-10T12:11:35.626597+02: tls: DBG: error:0A000410:SSL routines::ssl/tls alert handshake failure
2024-04-10T12:11:35.628694+02: conn: DBG: Couldn't start TLS! error -3 tls_error 1

Which libstrophe version are you running.
Do you have a stack trace? Which server software/version?

[stevemolloy]

Which libstrophe version are you running.

libstrophe 1:0.13.1-1

Do you have a stack trace?

I have a core dump, and poking around it with GDB I see the following:

(No debugging symbols found in /usr/bin/profanity)
[New LWP 7954]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
Core was generated by `profanity'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000075f71bac2685 in ?? () from /usr/lib/libstrophe.so.0
(gdb) bt
#0  0x000075f71bac2685 in ??? () at /usr/lib/libstrophe.so.0
#1  0x000075f71bab859a in xmpp_run_once () at /usr/lib/libstrophe.so.0
#2  0x00005fedb0267aec in session_process_events ()
#3  0x00005fedb02685f8 in prof_run ()
#4  0x00005fedb025c249 in main ()

Which server software/version?

I am not sure how to find this info.

[jubalh]

Thanks for the additional info!

I am not sure how to find this info.

/serversoftware myserver.org

[sjaeckel]

Could you please

1. create a wireshark capture of the connection attempt
2. downgrade libstrophe to 0.12.2 and try again. If it segfaults, please do another capture

Does the segfault happen with 0.12.2 as well?

Which OpenSSL version do you have installed?

If you don't want to upload the captures here, please send them in via Mail or get in contact to determine how we could get access.

[stevemolloy]

1. create a wireshark capture of the connection attempt

Done. Is there an email address I could send this to? I'd rather not have it public.

2. downgrade libstrophe to 0.12.2 and try again. If it segfaults, please do another capture

It no longer segfaults, but logging in does not work. I am sure I am entering the correct password, but I get "login failed".
Here is the debug log:

2024-04-10T15:26:45.165303+02: prof: INF: Starting Profanity (0.14.0)…
2024-04-10T15:26:45.165394+02: prof: INF: Initialising chat logs
2024-04-10T15:26:45.165424+02: prof: INF: Initialising groupchat logs
2024-04-10T15:26:45.165447+02: prof: INF: Loading accounts
2024-04-10T15:26:45.165595+02: prof: INF: Initialising UI
2024-04-10T15:26:45.177884+02: prof: INF: Initialising XMPP
2024-04-10T15:26:45.180258+02: prof: INF: Loading capabilities cache
2024-04-10T15:26:45.180473+02: prof: INF: Initialising commands
2024-04-10T15:26:45.192105+02: prof: INF: Initialising contact list
2024-04-10T15:26:45.192124+02: prof: INF: Loading TLS certificates
2024-04-10T15:26:45.192159+02: prof: INF: Initialising OTR
2024-04-10T15:26:45.192226+02: prof: DBG: GPG: Found gpgme version: 1.23.2
2024-04-10T15:26:45.221164+02: prof: INF: [OMEMO] initialising
2024-04-10T15:26:45.253144+02: prof: DBG: Resizing UI
2024-04-10T15:26:45.256174+02: prof: DBG: Input received: /connect [email protected]
2024-04-10T15:26:57.308595+02: prof: INF: Connecting using account: [email protected]
2024-04-10T15:26:57.308674+02: prof: INF: Connecting as [email protected]/profanity.qzcH
2024-04-10T15:26:57.308705+02: prof: DBG: Connecting with flags (0x2):
2024-04-10T15:26:57.308716+02: prof: DBG:   XMPP_CONN_FLAG_MANDATORY_TLS
2024-04-10T15:26:57.645602+02: xmpp: DBG: SRV lookup failed, connecting via domain.
2024-04-10T15:26:57.657997+02: xmpp: DBG: sock_connect() to jabber.myserver.url:5222 returned 7
2024-04-10T15:26:57.658233+02: xmpp: DBG: Attempting to connect to jabber.myserver.url
2024-04-10T15:26:57.658604+02: prof: INF: Starting main event loop
2024-04-10T15:26:57.661893+02: xmpp: DBG: connection successful
2024-04-10T15:26:57.662248+02: conn: DBG: SENT: <?xml version="1.0"?><stream:stream to="jabber.myserver.url" xml:lang="en" version="1.0" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams">
2024-04-10T15:26:57.666664+02: xmpp: DBG: RECV: <stream:stream from="jabber.myserver.url" id="4dkd4h3jtx" lang="en" version="1.0">
2024-04-10T15:26:57.668288+02: xmpp: DBG: RECV: <features xmlns="http://etherx.jabber.org/streams"><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>GSSAPI</mechanism><mechanism>NTLM</mechanism></mechanisms></features>
2024-04-10T15:26:57.686493+02: conn: DBG: SENT: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
2024-04-10T15:26:57.802169+02: xmpp: DBG: RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
2024-04-10T15:26:57.802293+02: xmpp: DBG: handle proceedtls called for proceed
2024-04-10T15:26:57.802321+02: xmpp: DBG: proceeding with TLS
2024-04-10T15:26:57.953157+02: tls: DBG: Certificate verification passed
2024-04-10T15:26:57.953297+02: tls: DBG: Certificate was not presented by peer
2024-04-10T15:26:57.953331+02: tls: DBG: error=SSL_ERROR_SSL(1) errno=0 lasterror=0
2024-04-10T15:26:57.953365+02: tls: DBG: error:0A000410:SSL routines::ssl/tls alert handshake failure
2024-04-10T15:26:57.955586+02: conn: DBG: Couldn't start TLS! error -3 tls_error 1
2024-04-10T15:26:57.966301+02: conn: DBG: SENT: </stream:stream>
2024-04-10T15:26:57.966373+02: xmpp: DBG: Send error occurred, disconnecting.
2024-04-10T15:26:57.966391+02: xmpp: DBG: Closing socket.
2024-04-10T15:26:57.966431+02: prof: DBG: Connection handler: XMPP_CONN_DISCONNECT
2024-04-10T15:26:57.966446+02: prof: DBG: Connection handler: Login failed
2024-04-10T15:26:57.966459+02: prof: DBG: Connection handler: No reconnect timer
2024-04-10T15:26:57.966543+02: prof: INF: Login failed
2024-04-10T15:27:02.076612+02: prof: DBG: Input received: /quit
2024-04-10T15:27:02.076698+02: prof: INF: Profanity is shutting down…

Which OpenSSL version do you have installed?

3.2.1-1

[stevemolloy]

Thanks for the additional info!

I am not sure how to find this info.

/serversoftware myserver.org

Not sure how to do this if I cannot connect. Or am I misunderstanding something?

[jubalh]

Not sure how to do this if I cannot connect. Or am I misunderstanding something?

Hehe :) That was pretty dumb of me :) You are right of course.
You could connect with another account (if you have one) and still query the other server. Or ask your admin for the info.

You could also mention the domain to us when you send us the email, and we check ourselves.

[sjaeckel]

You can send it to the e-mail address mentioned on my GH profile. PGP key ID is 7B24BC73AFEEFA69A5BDE9C53FAA94B3BD9016D9

It no longer segfaults, but logging in does not work. I am sure I am entering the correct password, but I get "login failed".

Thanks, so the segfault is caused by the changes of 0.13, I'll have a look at that.

The problem seems to be TLS connection related, but I'm not exactly sure yet what happens.

[sjaeckel]

Could you maybe try out libstrophe from this branch https://github.com/strophe/libstrophe/tree/some-fixes ?

This should at least not segfault anymore.

Also you should then be able to set the SSLKEYLOGFILE environment variable, so we could look into the TLS session if required.

[sjaeckel]

Looking at the capture you provided I'm not sure whether we can do anything here.

1. the stream is opened with the server requiring STARTTLS
2. STARTTLS is negotiated
3. after sending a valid Client Hello the connection is closed from the server side with a Handshake Failure alert

I'd say you have to get in contact with your server administrator to debug this further.

Which software is running on that server? It seems to be only reachable in your private network.
Did profanity work with that server before?
Did you recently update openssl?

I'm curious on how this evolves :)

[stevemolloy]

Did profanity work with that server before?

Yes, I've been happily using profanity with that server for months (a year?) now.

Did you recently update openssl?

Yes, I updated openssl about a week ago, but downgrading it doesn't seem to help (and broke a lot of other stuff in my system :D)

I'll get in touch with the server admin.

[sjaeckel]

Yes, I updated openssl about a week ago [...]

One wild guess: I've seen stuff failing because openssl became more strict some time ago, you could try to enable the legacy provider [0] and see if it works then.

[...] downgrading it doesn't seem to help (and broke a lot of other stuff in my system :D)

I didn't ask you to downgrade for exactly that reason :D

I'll get in touch with the server admin.

👍

[0] https://bbs.archlinux.org/viewtopic.php?pid=2065783#p2065783

[stevemolloy]

One wild guess: I've seen stuff failing because openssl became more strict some time ago, you could try to enable the legacy provider [0] and see if it works then.

I made that change to openssl.cnf, and it no longer seg faults. This is back with the fully up to date libstrophe (from the pacman repos, not the proposed fix that was suggested by sjaeckel) and openssl.

I still can't log in as I used to, but at least profanity no longer crashes.

[...] downgrading it doesn't seem to help (and broke a lot of other stuff in my system :D)

I didn't ask you to downgrade for exactly that reason :D

Yeah, I acted before thinking. Dumb, but all fixed now :)

I'll get in touch with the server admin.

I sent a ticket to the IT team yesterday, and will keep you up to date with their replies.

Thanks for being so energetic here. It's a dream to have software maintainers be so responsive 👍

[sjaeckel]

I made that change to openssl.cnf, and it no longer seg faults. This is back with the fully up to date libstrophe (from the pacman repos, not the proposed fix that was suggested by sjaeckel) and openssl.

Cool, so we know that it has to do with your XMPP server only allowing weak ciphers.

Can you maybe create another wireshark capture? But this time with libstrophe from the some-fixes branch?

The easiest way to do that IMO is building both libstrophe and profanity from source.

# adapt this to where you want to have this built
export DEVDIR=/home/user/foo/profanity
export SSLKEYLOGFILE=$DEVDIR/sslkeylogfile
mkdir -p $DEVDIR/prefix
pushd $DEVDIR
git clone https://github.com/strophe/libstrophe.git -b some-fixes
git clone https://github.com/profanity-im/profanity.git
pushd libstrophe
./bootstrap.sh
PKG_CONFIG_PATH=$DEVDIR/prefix/lib/pkgconfig ./configure --prefix=$DEVDIR/prefix
make -j$(nproc)
make install
popd
pushd profanity
./bootstrap.sh
PKG_CONFIG_PATH=$DEVDIR/prefix/lib/pkgconfig ./configure --prefix=$DEVDIR/prefix
make -j$(nproc)
./profanity -l DEBUG

Please make sure to either not enter your real password when trying to connect or set up a temporary password, as your server only supports PLAIN authentication and that really means that the password is sent in PLAIN text and will show up in the wireshark capture ;)

Then please send over the wireshark capture and the $DEVDIR/sslkeylogfile so I can inspect the encrypted data of the TLS session.

Thanks for being so energetic here. It's a dream to have software maintainers be so responsive 👍

:)

[stevemolloy]

# adapt this to where you want to have this built
export DEVDIR=/home/user/foo/profanity
export SSLKEYLOGFILE=$DEVDIR/sslkeylogfile
mkdir -p $DEVDIR/prefix
pushd $DEVDIR
git clone https://github.com/strophe/libstrophe.git -b some-fixes
git clone https://github.com/profanity-im/profanity.git
pushd libstrophe
./bootstrap.sh
PKG_CONFIG_PATH=$DEVDIR/prefix/lib/pkgconfig ./configure --prefix=$DEVDIR/prefix
make -j$(nproc)
make install
popd
pushd profanity
./bootstrap.sh
PKG_CONFIG_PATH=$DEVDIR/prefix/lib/pkgconfig ./configure --prefix=$DEVDIR/prefix
make -j$(nproc)
./profanity -l DEBUG

Trying this, but I get an error when running bootstrap.sh for profanity.

$ ./bootstrap.sh
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'build-aux'.
libtoolize: copying file 'build-aux/ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
libtoolize: Consider adding '-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
configure.ac:78: error: possibly undefined macro: AC_MSG_ERROR
      If this token and others are legitimate, please use m4_pattern_allow.
      See the Autoconf documentation.
autoreconf: error: /usr/bin/autoconf failed with exit status: 1

I'm not familiar with autoconf, and so am not sure how to proceed. Apologies. Can you advise?

[jubalh]

I'm not familiar with autoconf, and so am not sure how to proceed. Apologies. Can you advise?

You are missing autoconf-archive.

[stevemolloy]

Thanks. I've now sent the requested wireshark capture to @sjaeckel

[stevemolloy]

Apologies for the silence, but I'm still waiting on our IT people to get back to me :(

[sjaeckel]

Cool, so we know that it has to do with your XMPP server only allowing weak ciphers.

FTR: this conclusion was wrong. After iterating a bit more we realized that there was an error while enabling the legacy provider which made OpenSSL stop working and the connection attempt stopped already earlier because the TLS part couldn't be initialized. After fixing that configuration error the connection still stopped at the same point after the STARTTLS where the ClientHello is sent.

[jubalh]

@stevemolloy any news?

[stevemolloy]

Sorry for my long silence. IT claims they have only refreshed the certificate, which isn't particularly helpful. Work has been busy recently, so I will try to get back to you with a wireshark capture of a pidgin connection.