auth-nonascii test fails or segfaults depending on system environment

dwmw2 at infradead.org (David Woodhouse) · Mon, 14 Aug 2017 13:36:31 +0100

On Mon, 2017-07-10 at 16:29 -0700, Mike Miller wrote:
> Hi,
> 
> I noticed that the recently added test "auth-nonascii" fails as
> currently written under a handful of different system configurations.
> 
> In short, I think using LC_CTYPE in the script is not a strong enough
> constraint, because the caller's LC_ALL may override it if set. Using
> LC_ALL as in the following patch fixes this for me.
> 
> diff --git a/tests/auth-nonascii b/tests/auth-nonascii
> index d930b117d29c..1da8de25464a 100755
> --- a/tests/auth-nonascii
> +++ b/tests/auth-nonascii
> @@ -34,7 +34,7 @@ set -x
> ?for CHARSET in UTF-8 ISO8859-2; do
> ?????echo -n "Connecting to obtain cookie (with password charset ${CHARSET})... "
> ?????CERTARGS="-c ${KEY} --key-password $(cat ${srcdir}/pass-${CHARSET})"
> -????( echo "test" | LC_CTYPE=cs_CZ.${CHARSET} LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test $CERTARGS --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly --passwd-on-stdin ) ||
> +????( echo "test" | LC_ALL=cs_CZ.${CHARSET} LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:443 -u test $CERTARGS --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly --passwd-on-stdin ) ||
> ?	fail $PID "Could not connect with charset ${CHARSET}!"
> ?done

Thanks. I've just pushed that fix.

> I think it's also worth reporting that OpenConnect segfaults if the
> cs_CZ locales are not available on the system when this test runs,
> either with or without this change:
> 
> ? iconv: Invalid or incomplete multibyte or wide character
> ? *** Error in `/.../.libs/openconnect': free(): invalid pointer: 0x00007ffe53d2d7e4 ***
> ? free called from load_pkcs12_certificate at gnutls.c:526

Yay for testing :)

I actually had a fix for that lying around in my tree for a while; have
finally pushed it now. Thanks!

I note that the auth-nonascii test still fails on Ubuntu 16.04, as even
in the trivial case of the default UTF-8 (in my case en_GB) locale,
GnuTLS won't open the file:

Using certificate file ./certs/user-key-nonascii-password.p12
Failed to process PKCS#12 file: The given password contains invalid characters.

?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4938 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20170814/3f1ea369/attachment-0001.bin>