Bug#1005238: xrdp: Flood of error reports to xrdp.log

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1005238: xrdp: Flood of error reports to xrdp.log
From: Hilary Snaden <hilary.snaden@zoho.com>
Date: Wed, 09 Feb 2022 19:43:15 +0000
Message-id: <[🔎] 164443579559.685531.14808556880401852456.reportbug@valhalla.g4ynv.com>
Reply-to: Hilary Snaden <hilary.snaden@zoho.com>, 1005238@bugs.debian.org

Package: xrdp
Version: 0.9.17-2
Severity: normal
X-Debbugs-Cc: hilary.snaden@zoho.com

It has recently become problematical, then impossible, to connect to my xrdp-enabled box. Inspection of xrdp.log found that it had grown to over 2GB in size. Analysis of the timing of the writes by day showed a small spike some six weeks after installation, followed by a rough trend upwards until the last few days, when xrdp has been writing >1 million lines each day to the log.

While writing this email it occurred to me that the size of the log could be the cause of the problem as well as one of the symptoms, and I tried rotating (by hand) the log, saving the nost recent 100 lines as a fresh log. I can now connect to the box.

However, the floods of log writes have resumed, the main parts are these:

[20220209-17:53:45] [ERROR] SSL_accept: I/O error
[20220209-17:53:45] [ERROR] trans_set_tls_mode: ssl_tls_accept failed
[20220209-17:53:45] [ERROR] xrdp_sec_incoming: trans_set_tls_mode failed
[20220209-17:53:45] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20220209-17:53:46] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20220209-17:53:46] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20220209-17:53:46] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed

I'm not yet sure if it is possible for me to add xrdp.log to the rotation system, but I may explore this.

I think I saw a bug report relating to log rotation, but I only scanned the subjects.

(BTW the info below is for a different box, which does not have xrdp installed but which should be largely identical.)

Thanks for your work,
Hilary

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-3-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xrdp depends on:
ii  adduser              3.118
ii  init-system-helpers  1.61
ii  libc6                2.33-5
ii  libfuse2             2.9.9-5
ii  libjpeg62-turbo      1:2.1.2-1
ii  libopus0             1.3.1-0.1
ii  libpam0g             1.4.0-11
ii  libssl1.1            1.1.1m-1
ii  libx11-6             2:1.7.2-2+b1
ii  libxfixes3           1:6.0.0-1
ii  libxrandr2           2:1.5.2-1
ii  lsb-base             11.1.0
ii  ssl-cert             1.1.2

Versions of packages xrdp recommends:
ii  fuse3 [fuse]  3.10.5-1
pn  xorgxrdp      <none>

Versions of packages xrdp suggests:
pn  guacamole  <none>

Reply to:

Prev by Date: Bug#996286: freerdp2: FTBFS with OpenSSL 3.0
Next by Date: Bug#1005304: xrdp: CVE-2022-23613
Previous by thread: Bug#996286: freerdp2: FTBFS with OpenSSL 3.0
Next by thread: Bug#1005304: xrdp: CVE-2022-23613
Index(es):
- Date
- Thread