Bug 119136 - CAN-2004-2259 vsftpd is very secure but not very stable
Product: Fedora
Classification: Fedora
Component: vsftpd
All Linux
medium Severity medium
Assigned To: Bill Nottingham
Mike McLean
Reported: 2004-03-25 08:57 EST by Olivier Baudron
Modified: 2014-03-16 22:43 EDT
Fixed In Version: 1.2.1-4
Doc Type: Bug Fix
Last Closed: 2004-04-28 23:03:36 EDT

Attachments
Fix block/unblock signal bug (1.54 KB, text/plain)
2004-03-25 08:59 EST, Olivier Baudron

Description Olivier Baudron 2004-03-25 08:57:22 EST
There is a signal handling problem in vsftpd-1.2.1-2.

The SIGCHLD handler is a complex function with malloc()s and free()s
inside. Neither malloc() nor free() is re-entrant, so the SIGCHLD
signal must be caught only at safe locations.

This is not the case:

// Pseudo-code
    socket = my_accept(...)

    my_accept(...) {
        malloc(...)   // BUG: may be interrupted!
        free(...)     // BUG: may be interrupted!
// End

The unblock/block mechanism must be used more strictly around the
blocking system calls. A patch follows. Hopefully, it will fix
bug 109933.
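
An added illustration of the point made in the description above (not code from this report, the attached patch, or vsftpd): SIGCHLD stays blocked while malloc()/free() run and is delivered only inside the blocking call, with sigsuspend() standing in for accept(). The names on_sigchld and demo_safe_window are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static volatile sig_atomic_t reaped;   /* children reaped by the handler */
/* Hypothetical handler limited to async-signal-safe calls: no malloc()/free(). */
static void on_sigchld(int sig) {
    int saved = errno;
    (void)sig;
    while (waitpid(-1, NULL, WNOHANG) > 0)
        reaped++;
    errno = saved;
}

/* Returns 0 if SIGCHLD stayed pending across malloc()/free() and was
 * delivered only in the unblocked window; -1 otherwise. */
int demo_safe_window(void) {
    struct sigaction sa = {0};
    sigset_t chld, old, pend, window;
    struct timespec tick = {0, 1000000};          /* 1 ms poll interval */
    reaped = 0;
    sa.sa_handler = on_sigchld;
    sigemptyset(&sa.sa_mask);
    sigemptyset(&chld);
    sigaddset(&chld, SIGCHLD);
    if (sigaction(SIGCHLD, &sa, NULL) < 0 ||
        sigprocmask(SIG_BLOCK, &chld, &old) < 0)  /* blocked by default */
        return -1;
    pid_t pid = fork();
    if (pid == 0) _exit(0);                       /* child exits at once */
    if (pid < 0) { sigprocmask(SIG_SETMASK, &old, NULL); return -1; }
    do {                                          /* wait until SIGCHLD is pending */
        nanosleep(&tick, NULL);
        sigpending(&pend);
    } while (!sigismember(&pend, SIGCHLD));
    free(malloc(64));                             /* handler cannot interrupt this */
    int before = reaped;                          /* signal is pending, not delivered */
    window = old;
    sigdelset(&window, SIGCHLD);
    sigsuspend(&window);                          /* stand-in for accept(): handler runs here */
    int after = reaped;
    sigprocmask(SIG_SETMASK, &old, NULL);
    return (before == 0 && after == 1) ? 0 : -1;
}
```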
Comment 1 Olivier Baudron 2004-03-25 08:59:47 EST
Created attachment 98850
Fix block/unblock signal bug
Comment 2 Olivier Baudron 2004-04-28 04:46:53 EDT
I reported the problem to the author and the issue has been fixed in
the new upstream release 1.2.2. The patch is a bit different from mine.
Some structures have been rewritten so that malloc() and free() are
not used in the "accept" routine.
Comment 3 Bill Nottingham 2004-04-28 23:03:36 EDT
This is patched in 1.2.1-4.
Comment 4 John Flanagan 2004-05-11 23:20:40 EDT
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

