FS#30401 - [virtualbox] Creates buffer overflows and used port messages with latest libvncserver

Attached to Project: Community Packages
Opened by Oliver L. (Grimeton) - Friday, 22 June 2012, 10:31 GMT
Last edited by Sébastien Luttringer (seblu) - Tuesday, 24 July 2012, 17:25 GMT
Task Type: Bug Report
Category: Upstream Bugs
Status: Closed
Assigned To: Andrea Scarpino (BaSh), Ionut Biru (wonder), Sébastien Luttringer (seblu)
Architecture: All
Severity: Critical
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Hi,

After the upgrade of libvncserver from 0.9.8.2-1 to 0.9.9-1, VirtualBox creates "port already in use" messages and buffer overflows when starting/connecting to the VM.

When the VM is started, one can see this on the screen:

22/06/2012 12:19:27 Listening for VNC connections on TCP port 5902
22/06/2012 12:19:27 rfbListenOnTCP6Port: error in bind IPv6 socket: Address already in use

That's because the port, handed to VBoxHeadless, is only set for IPv4 and not IPv6, so VBoxHeadless tries to use port 5900 on IPv6.

The machine comes up and runs like it should, but the moment one connects to the machine via VNC, the whole VM crashes:

*** buffer overflow detected ***: /usr/lib/virtualbox/VBoxHeadless terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f3c5327a7b7]
/lib/libc.so.6(+0xf78d0)[0x7f3c532788d0]
/lib/libc.so.6(+0xf9767)[0x7f3c5327a767]
/usr/lib/libvncserver.so.0(rfbProcessNewConnection+0x104)[0x7f3c50d2f5c4]
/usr/lib/libvncserver.so.0(rfbCheckFds+0x3e8)[0x7f3c50d2fad8]
/usr/lib/libvncserver.so.0(rfbProcessEvents+0x1d)[0x7f3c50d26edd]
/usr/lib/libvncserver.so.0(rfbRunEventLoop+0x2b)[0x7f3c50d26fdb]
/usr/lib/virtualbox/VBoxHeadless.so(+0xb5c5)[0x7f3c50f915c5]
/usr/lib/virtualbox/VBoxRT.so(+0x6f84c)[0x7f3c52ec584c]
/usr/lib/virtualbox/VBoxRT.so(+0xbbf56)[0x7f3c52f11f56]
/lib/libpthread.so.0(+0x7e0e)[0x7f3c5372de0e]
/lib/libc.so.6(clone+0x6d)[0x7f3c532651ed]
======= Memory map: ========
00400000-00406000 r-xp 00000000 09:02 100769526 /usr/lib/virtualbox/VBoxHeadless
00606000-00607000 rw-p 00006000 09:02 100769526 /usr/lib/virtualbox/VBoxHeadless
00607000-00609000 rw-p 00000000 00:00 0
00f67000-0104e000 rw-p 00000000 00:00 0 [heap]

IMHO that's because the port is not set.

When downgrading back to 0.9.8.2-1, everything is working again.

I have seen this behaviour since libvncserver was upgraded from 0.9.8.2-1. It started with 4.1.16 and now in 4.1.18-1 it's still the same.

KR,

Grimeton

Closed by Sébastien Luttringer (seblu)
Tuesday, 24 July 2012, 17:25 GMT
Reason for closing: Fixed
Additional comments about closing: virtualbox-4.1.18-3
Comment by Ionut Biru (wonder) - Friday, 22 June 2012, 11:01 GMT
You should report this bug to VirtualBox.
Comment by Alexander F. Rødseth (xyproto) - Sunday, 15 July 2012, 13:08 GMT
Grimeton, is this still an issue? Has it been reported upstream? Here's the VirtualBox bug tracker: https://www.virtualbox.org/wiki/Bugtracker
Comment by Oliver L. (Grimeton) - Sunday, 15 July 2012, 13:12 GMT
I talked to the devs in #vbox-dev on freenode and I'm working on a V6 enabled version for the 4.2 release.

VNC Support becomes an extension pack that will be a plugin for the VRDE system which should then be able to handle V6 stuff.

If you like I can patch the 4.1.18 version so that the IPv6 port matches the IPv4 one.

Btw: The problem comes from libvncserver that uses a totally different init of the IPv6 stuff.

KR,

Oliver
Comment by Oliver L. (Grimeton) - Monday, 16 July 2012, 14:43 GMT
Hi,

find attached a changed PKGBUILD and a patch for the IPv6 problem.

KR,

Oliver
Comment by Sébastien Luttringer (seblu) - Sunday, 22 July 2012, 23:31 GMT
I don't see the bug reported upstream. Did I miss it?

Maybe it can be included in next 4.1.20 release?
Comment by Oliver L. (Grimeton) - Sunday, 22 July 2012, 23:39 GMT
The patch has been posted on the dev mailing list.

KR,

Grimeton
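
A log check for the symptom described in the original report, as an added example that is not part of this thread nor code from VirtualBox or libvncserver: it pairs each rfbListenOnTCP6Port bind error with the IPv4 listener announced in the same second, so VMs whose VNC service came up on IPv4 only can be spotted. The sample log is constructed from the two line formats quoted in the report; the names `Finding` and `find_ipv6_bind_failures` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: both line formats are the ones quoted in the report;
# the first line (another VM on port 5901) is made up for this example.
SAMPLE_LOG = """\
22/06/2012 12:18:03 Listening for VNC connections on TCP port 5901
22/06/2012 12:19:27 Listening for VNC connections on TCP port 5902
22/06/2012 12:19:27 rfbListenOnTCP6Port: error in bind IPv6 socket: Address already in use
"""

TS = r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
LISTEN = re.compile(TS + r"Listening for VNC connections on TCP port (?P<port>\d+)$")
BIND6_ERR = re.compile(TS + r"rfbListenOnTCP6Port: error in bind IPv6 socket: (?P<why>.+)$")


@dataclass
class Finding:
    timestamp: str
    ipv4_port: Optional[int]  # IPv4 listener that did start, None if not seen
    reason: str               # error text reported for the IPv6 bind


def find_ipv6_bind_failures(log_text):
    """Return one Finding per IPv6 bind error found in the log text."""
    findings, last_listen = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := LISTEN.match(line):
            last_listen = (m["ts"], int(m["port"]))
        elif m := BIND6_ERR.match(line):
            # Attribute the error to a listener only when it was logged in
            # the same second; otherwise the IPv4 port stays unknown.
            same_start = last_listen is not None and last_listen[0] == m["ts"]
            port = last_listen[1] if same_start else None
            findings.append(Finding(m["ts"], port, m["why"]))
            last_listen = None
    return findings


if __name__ == "__main__":
    for f in find_ipv6_bind_failures(SAMPLE_LOG):
        print(f"{f.timestamp}: IPv4 VNC port {f.ipv4_port} is listening, "
              f"IPv6 listener failed to bind ({f.reason})")
```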
