Bug 845036

Summary: ftp crashes if server response with 500 OOPS: vsf_sysutil_bind while commands are sent too quickly
Product: Red Hat Enterprise Linux 5 Reporter: Dalibor Pospíšil <dapospis>
Component: krb5Assignee: Robbie Harwood <rharwood>
Status: CLOSED WONTFIX QA Contact: Patrik Kis <pkis>
Severity: low Docs Contact:
Priority: low    
Version: 5.9CC: dpal, jplans, ksrot, nalin, ovasik, pkis, rharwood
Target Milestone: rcFlags: rharwood: needinfo-
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-04 20:41:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1049888    
Attachments:
Description Flags
Reproducer none

Description Dalibor Pospíšil 2012-08-01 14:47:21 UTC 
Description of problem:
ftp client crashes if server responses with 
500 OOPS: vsf_sysutil_bind
Passive mode refused.  Turning off passive mode.
500 OOPS: child died
421 Service not available, remote server has closed connection
While reqeuests went too quickly.
See TCMS test case or /CoreOS/ftp/Sanity/ftp-crash-on-OOPS-while-flooding

Version-Release number of selected component (if applicable):
ftp-0.17-37.el5

How reproducible:
always

Steps to Reproduce:
1. see https://tcms.engineering.redhat.com/case/184266
  
Actual results:
ftp> ls
500 OOPS: vsf_sysutil_bind
Passive mode refused.  Turning off passive mode.
500 OOPS: child died
421 Service not available, remote server has closed connection
ftp> bye
*** glibc detected *** ftp: corrupted double-linked list: 0x00002b0f81b34ec0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x2b0f7745b155]
/lib64/libc.so.6(cfree+0x4b)[0x2b0f7745f28b]
ftp[0x2b0f75611847]
ftp(main+0x410)[0x2b0f756122e0]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x2b0f774079c4]
ftp[0x2b0f75605179]
======= Memory map: ========
2b0f755ff000-2b0f75618000 r-xp 00000000 fd:00 3994587                    /usr/kerberos/bin/ftp
2b0f75818000-2b0f7581b000 rw-p 00019000 fd:00 3994587                    /usr/kerberos/bin/ftp
2b0f7581b000-2b0f75848000 rw-p 2b0f7581b000 00:00 0 
2b0f75848000-2b0f75864000 r-xp 00000000 fd:00 7496569                    /lib64/ld-2.5.so
2b0f75864000-2b0f75867000 rw-p 2b0f75864000 00:00 0 
2b0f75868000-2b0f7586a000 rw-p 2b0f75868000 00:00 0 
2b0f758b0000-2b0f758f5000 rw-p 2b0f758b0000 00:00 0 
2b0f75a64000-2b0f75a65000 r--p 0001c000 fd:00 7496569                    /lib64/ld-2.5.so
2b0f75a65000-2b0f75a66000 rw-p 0001d000 fd:00 7496569                    /lib64/ld-2.5.so
2b0f75a66000-2b0f75a92000 r-xp 00000000 fd:00 3743965                    /usr/lib64/libgssapi_krb5.so.2.2
2b0f75a92000-2b0f75c92000 ---p 0002c000 fd:00 3743965                    /usr/lib64/libgssapi_krb5.so.2.2
2b0f75c92000-2b0f75c94000 rw-p 0002c000 fd:00 3743965                    /usr/lib64/libgssapi_krb5.so.2.2
2b0f75c94000-2b0f75cae000 r-xp 00000000 fd:00 3744058                    /usr/lib64/libkrb4.so.2.0
2b0f75cae000-2b0f75ead000 ---p 0001a000 fd:00 3744058                    /usr/lib64/libkrb4.so.2.0
2b0f75ead000-2b0f75eaf000 rw-p 00019000 fd:00 3744058                    /usr/lib64/libkrb4.so.2.0
2b0f75eaf000-2b0f75eb4000 rw-p 2b0f75eaf000 00:00 0 
2b0f75eb4000-2b0f75eb7000 r-xp 00000000 fd:00 3739652                    /usr/lib64/libdes425.so.3.0
2b0f75eb7000-2b0f760b6000 ---p 00003000 fd:00 3739652                    /usr/lib64/libdes425.so.3.0
2b0f760b6000-2b0f760b7000 rw-p 00002000 fd:00 3739652                    /usr/lib64/libdes425.so.3.0
2b0f760b7000-2b0f760b8000 rw-p 2b0f760b7000 00:00 0 
2b0f760b8000-2b0f76149000 r-xp 00000000 fd:00 3743704                    /usr/lib64/libkrb5.so.3.3
2b0f76149000-2b0f76349000 ---p 00091000 fd:00 3743704                    /usr/lib64/libkrb5.so.3.3
2b0f76349000-2b0f7634d000 rw-p 00091000 fd:00 3743704                    /usr/lib64/libkrb5.so.3.3
2b0f7634d000-2b0f76371000 r-xp 00000000 fd:00 3743700                    /usr/lib64/libk5crypto.so.3.1
2b0f76371000-2b0f76570000 ---p 00024000 fd:00 3743700                    /usr/lib64/libk5crypto.so.3.1
2b0f76570000-2b0f76572000 rw-p 00023000 fd:00 3743700                    /usr/lib64/libk5crypto.so.3.1
2b0f76572000-2b0f76574000 r-xp 00000000 fd:00 7496898                    /lib64/libcom_err.so.2.1
2b0f76574000-2b0f76773000 ---p 00002000 fd:00 7496898                    /lib64/libcom_err.so.2.1
2b0f76773000-2b0f76774000 rw-p 00001000 fd:00 7496898                    /lib64/libcom_err.so.2.1
2b0f76774000-2b0f76775000 rw-p 2b0f76774000 00:00 0 
2b0f76775000-2b0f7677d000 r-xp 00000000 fd:00 3743698                    /usr/lib64/libkrb5support.so.0.1
2b0f7677d000-2b0f7697c000 ---p 00008000 fd:00 3743698                    /usr/lib64/libkrb5support.so.0.1
2b0f7697c000-2b0f7697d000 rw-p 00007000 fd:00 3743698                    /usr/lib64/libkrb5support.so.0.1
2b0f7697d000-2b0f76986000 r-xp 00000000 fd:00 7496893                    /lib64/libcrypt-2.5.so
2b0f76986000-2b0f76b85000 ---p 00009000 fd:00 7496893                    /lib64/libcrypt-2.5.so
2b0f76b85000-2b0f76b86000 r--p 00008000 fd:00 7496893                    /lib64/libcrypt-2.5.so
2b0f76b86000-2b0f76b87000 rw-p 00009000 fd:00 7496893                    /lib64/libcrypt-2.5.so



Expected results:
ftp> ls
500 OOPS: vsf_sysutil_bind
Passive mode refused.  Turning off passive mode.
500 OOPS: child died
421 Service not available, remote server has closed connection
ftp> bye
$
Comment 1 Jan Synacek 2012-08-02 09:06:11 UTC 
Created attachment 601906 [details]
Reproducer

I can't reproduce this issue. I'm getting the "OOPS", but ftp doesn't crash. I tried both ftp and the kerberized version (/usr/kerberos/bin/ftp).

I also noticed that there is the kerberzied version in the backtrace. Can you please try again with plain ftp?
Comment 2 Dalibor Pospíšil 2012-08-02 09:25:56 UTC 
Ok, I checked /usr/bin/ftp and the issue is not there. I'm changing the component, affected package is krb5-workstation-1.6.1-70.el5.
Comment 3 RHEL Program Management 2014-01-22 16:33:33 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 10 RHEL Program Management 2014-07-16 00:27:14 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 11 Robbie Harwood 2015-11-09 19:51:09 UTC 
(Future me, please note: the package in question here is in fact krb5; ftp is provided by krb5-workstation in RHEL-5, not krb5-appl.)
Comment 12 Chris Williams 2017-04-04 20:41:37 UTC 
Red Hat Enterprise Linux 5 shipped it's last minor release, 5.11, on September 14th, 2014. On March 31st, 2017 RHEL 5 exits Production Phase 3 and enters Extended Life Phase. For RHEL releases in the Extended Life Phase, Red Hat  will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.  If the customer purchases the Extended Life-cycle Support (ELS), certain critical-impact security fixes and selected urgent priority bug fixes for the last minor release will be provided.  The specific support and services provided during each phase are described in detail at http://redhat.com/rhel/lifecycle

This BZ does not appear to meet ELS criteria so is being closed WONTFIX. If this BZ is critical for your environment and you have an Extended Life-cycle Support Add-on entitlement, please open a case in the Red Hat Customer Portal, https://access.redhat.com ,provide a thorough business justification and ask that the BZ be re-opened for consideration of an errata. Please note, only certain critical-impact security fixes and selected urgent priority bug fixes for the last minor release can be considered.