-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Android 10 App Crash #51
Comments
It also crashes on Android Studio Q emulator. |
The app crashes when trying to connect on Android 10/Pixel |
Crashes on pixel 3 xl with android 10 |
After figuring out how to crudely build and debug Android apps in Android Studio, I found this error on the debugging console on Android 10 that I didn't get on Android 9 (on which the app still works):
Apparently %n was used in exploits in older versions of sprintf, and Android 9 and below silently sanitizes it. Android 10 will not and refuse to accept it, causing the app to crash. The component responsible for this security feature is called FORTIFY. https://android-developers.googleblog.com/2017/04/fortify-in-android.html In the five vasnprintf.c files that contain:
Based on these comments: https://lists.gnu.org/archive/html/bug-gnulib/2018-12/msg00126.html I tried patching the line:
but that doesn't seem to work. It's highly likely that that because I don't know what I'm doing, I'm not building the c libraries ( liboppenconnect, libgnutls, etc) with the NDK (20.0.5594570) correctly or I'm looking in the wrong place. My next steps are to figure out how to print debugging messages or a stack trace to figure out where in the c libraries the app dies, and what is trying to pass %n. |
IMO this is the most likely culprit, although you might want to check |
I tried updating GnuTLS to 3.6.9 and Nettle to 3.4.1 but still get I noticed that the oath-toolkit also had a copy of vasnprintf.c, and from what I could find, the latest version is 2.6.2 is from 2016. It may need to be updated to avoid using '%n' on Android. |
I got the following trace from an (emulated) Pixel 2 running API 29. It looks like GnuTLS removed their implementation of vasprintf in favor of the gnulib one. |
Whether anyone has solved this problem, I also encountered the same problem on pix2-androidQ。 |
I compile with below modify,openconnect can run on mate30、pixel2、android Q-emulator update GNUTLS to version 3.6.8 the attachment is the modify of ./oath-toolkit-2.6.2/oathtool/gl/vasnprintf.c |
This comment has been minimized.
This comment has been minimized.
Hi @ffyliu , Thanks for the fix. its working perfectly |
What's the chance of one you guys getting the fix into a Pull Request? :) |
Hello to all,
I will appreciate if someone can help me to identify what can be the reason. |
Whether anyone has solved this problem, any working solution ???, if anyone.... please help me ... |
Try this. |
please help whenever I try to compile with nettle 3.4.1 and gnutls 3.6.8 checking for guile-snarf... /usr/bin/guile-snarf Please verify that you have Guile installed. If you installed Guile |
please help whenever I try to compile with nettle 3.4.1 and gnutls 3.6.8
|
I haven't got this folder, my path terminates at " ics-openconnect/external/openconnect/android/", and there are just some files inside, but no "oath-toolkit-2.6.2", how can I overcome this? |
Run make first, the script will download the dependency, after you will have these files. |
Thank you very much for the quick reply! I forgot to mention that I already tried, but it gives me this error : /opt/android-sdk-linux_x86/android-ndk-r16b/build/tools/make-standalone-toolchain.sh --platform=android-14 --arch=arm --install-dir=/Users/[myFolder]/external/openconnect/android/arm-linux-androideabi/toolchain || Does anyone know how to deal with this? I tried to install the ndk following this guide: "https://gist.github.com/Tydus/11109634", and it seemed to work, but still I get that error. Thanks in advance. |
Hello! I applyed workaround from @ffyliu comment (#51 (comment)) and it works fine on my pixel 3. |
@ffyliu after i apply your workaround still my app is getting crashed. how to fix it any solution |
https://play.google.com/store/apps/details?id=com.github.digitalsoftwaresolutions.openconnect |
|
should i run git checkout master after git submodule update??? |
i tried these but failed!!!! |
git clone https://github.com/NgoHuy/ics-openconnect.git |
Kindly share output logs |
I confirmed that I built with error from openconnect master branch. |
I forgot mention that on archlinux or debian, in external/openconnect/android/Makefile must define |
where has to be changed in that file? |
i added the -fuse-ld=gold at 2 positions where EXTRA_CFLAGS was used but got the same result |
i changed the file you mentioned like this:
|
you should edit this line |
I changed that line to this:
|
did I edit that line correctly? |
does this work on redhat? |
@NgoHuy is this correct? or i have to edit this in another way? |
I'm not sure why it crashed, I use debian and archlinux to build it |
could you please tell me the exact distribution and version you are using so that I can compile the project? |
I use debian and archlinux with latest update |
This still works on Android 13. I had to rename by certs to .jpg as file permissions seemed to only work for "Media" |
I've wasted all the day to build it. So that's the step-by-step instruction.
And the result: |
Mikhail, thank you so much for your contribution.
I asked F-Droid guys to build it according to your instructions.
Thanks again!
ref: https://gitlab.com/fdroid/fdroiddata/-/issues/941
|
Mikhail, ppl, can anyone update the libopenconnect to the latest version?
|
Found another repo, maybe worth moving.
https://gitlab.com/openconnect/ics-openconnect/-/issues/8
|
Indeed, https://gitlab.com/openconnect/ics-openconnect/ is more recent and the patch you refer to is obsolete as far as I can see. |
Of course. When you do |
What do you mean? Build ics-openconnect with the latest version of the lib? What for? |
Gitlab project has the same build problems as the current one. And maybe a little bit more. And all the difference is a new functionality (protocols added). I was need just an openconnect. |
Oh, I see, I wasn't aware it uses submodule, sorry about it. Any way, the OpenConnect library has been maintained in https://gitlab.com/openconnect/openconnect/ for years and 8.0.3 has become obsolete, although I understand it works for you. What way forward would you suggest for the community? |
Dimitri, I think only an openconnect's maintainer has enough knowledge to build android client with the actual version of libopenconnect. It hasn't been built for the x86 arch, for example (v8.0.3) and I've just skipped it. So I suppose there will be a lot of issues if you try to build with the libopenconnect's master. |
That's precisely where I come from: OpenConnect CI jobs do create artefacts that include Android libraries: It's just that:
|
The app crashes when trying to connect on Android 10/OxygenOS.
Seeing the following error in logcat:
libc Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 11944 (OpenVPNManageme), pid 9948 (app.openconnect)
The text was updated successfully, but these errors were encountered: