Red Hat Bugzilla – Bug 119136
CAN-2004-2259 vsftpd is very secure but not very stable
Last modified: 2014-03-16 22:43:35 EDT
There is a signal handle problem in vsftpd-1.2.1-2.
The SIGCHLD handle is a complexe function with malloc()s and free()s
inside. Neither malloc() nor free() is re-entrant, so the SIGCHLD
signal must be caught only at safe locations.
This is not the case:
socket = my_accept(...)
malloc(...) // BUG: may be interrupted!
free(...) // BUG: may be interrupted!
The unblock/block mecanism must be used more strictly around the
blocking systems calls. A patch follows. Hopefully, it will fix
Created attachment 98850 [details]
Fix block/unblock signal bug
I reported the problem to the author and the issue has been fixed in
the new upstream release 1.2.2. The patch is a bit different of mine.
Some structures have been rewritten so that malloc() and free() are
not used in the "accept" routine.
This is patched in 1.2.1-4.
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.