There is a signal handling problem in vsftpd-1.2.1-2. The SIGCHLD handler is a complex function with malloc()s and free()s inside. Neither malloc() nor free() is re-entrant, so the SIGCHLD signal must be caught only at safe locations. This is not the case:

// Pseudo-code
standalone.c:
    unblock_signal(SIGCHLD)
    socket = my_accept(...)
    block_signal(SIGCHLD)

sysutil.c:
    my_accept(...)
    {
        malloc(...)   // BUG: may be interrupted!
        free(...)     // BUG: may be interrupted!
        accept(...)
    }
// End

The unblock/block mechanism must be used more strictly around the blocking system calls. A patch follows. Hopefully, it will fix bug 109933.
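The block/unblock discipline described in this report, written out as an added example in C; this is a hypothetical illustration, not vsftpd's code or the attached patch. It assumes a my_accept()-style wrapper and shows the two fixes a reviewer would look for: the SIGCHLD handler does no heap work (only sets a flag), and the wrapper keeps SIGCHLD blocked while calling malloc()/free(), unblocking it only for the duration of the blocking accept().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical illustration, not vsftpd code: the handler is kept
 * async-signal-safe (it only sets a flag; no malloc/free), and the
 * accept wrapper blocks SIGCHLD while it touches the heap. */
static volatile sig_atomic_t g_child_exited = 0;
int g_blocked_during_heap_work = -1;   /* diagnostic for the self-check */
static void sigchld_handler(int sig) { (void)sig; g_child_exited = 1; }

int install_sigchld_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = sigchld_handler;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGCHLD, &sa, NULL);
}

/* 1 if SIGCHLD is blocked in the calling thread, 0 if not, -1 on error. */
int sigchld_is_blocked(void) {
    sigset_t cur;
    if (sigprocmask(SIG_BLOCK, NULL, &cur) != 0) return -1;
    return sigismember(&cur, SIGCHLD);
}

/* Corrected form of the my_accept() pattern from the report: heap work
 * happens with SIGCHLD blocked; the signal is unblocked only for the
 * duration of the blocking accept(), then blocked again before free(). */
int safe_accept(int listen_fd) {
    sigset_t chld, saved;
    sigemptyset(&chld);
    sigaddset(&chld, SIGCHLD);
    sigprocmask(SIG_BLOCK, &chld, &saved);   /* handler cannot run from here */
    char *buf = malloc(4096);                /* not interruptible by SIGCHLD */
    if (!buf) { sigprocmask(SIG_SETMASK, &saved, NULL); return -1; }
    g_blocked_during_heap_work = sigchld_is_blocked();
    sigprocmask(SIG_UNBLOCK, &chld, NULL);   /* only the blocking call is exposed */
    int fd = accept(listen_fd, NULL, NULL);
    int saved_errno = errno;
    sigprocmask(SIG_BLOCK, &chld, NULL);     /* back to the safe state */
    free(buf);                               /* safe again */
    sigprocmask(SIG_SETMASK, &saved, NULL);  /* restore the caller's mask */
    errno = saved_errno;
    return fd;
}
```

The 1.2.2 upstream fix mentioned later in this thread takes the other route and removes malloc()/free() from the accept routine entirely; either approach keeps the handler from interrupting non-re-entrant heap calls.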
Created attachment 98850: Fix block/unblock signal bug
I reported the problem to the author and the issue has been fixed in the new upstream release 1.2.2. The patch is a bit different from mine. Some structures have been rewritten so that malloc() and free() are not used in the "accept" routine.
This is patched in 1.2.1-4.
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2004-164.html