Bug 122295 - Server may cause client to segfault.
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: ftp
Version: 1
Hardware: i686 Linux
Priority: medium
Severity: medium
Assigned To: Thomas Woerner
QA Contact: Ben Levenson
Reported: 2004-05-02 15:16 EDT by Kasper Dupont
Modified: 2007-11-30 17:10 EST
Last Closed: 2004-11-03 06:30:00 EST
Doc Type: Bug Fix
Attachments: None

Description Kasper Dupont 2004-05-02 15:16:39 EDT
Description of problem:
If the server process handling a particular connection is killed, the
client may segfault after attempting a few more commands. Obviously
the client cannot be expected to work when the server process has been
killed, but under no circumstances may the server cause the client to
segfault.

Version-Release number of selected component (if applicable):
ftp-0.17-18

How reproducible:
Happens always

Steps to Reproduce:
1. Make sure you have vsftpd running
2. Type: ftp localhost
3. Log in using your username and password
4. In another shell type: killall vsftpd
5. In the ftp session try to execute the dir command three times.
Actual results:
segfault

Expected results:
Any reasonable error message

Additional info:
(gdb) bt
#0  0x00450b42 in _int_malloc () from /lib/tls/libc.so.6
#1  0x0044fe9d in malloc () from /lib/tls/libc.so.6
#2  0x06349d52 in xmalloc () from /usr/lib/libreadline.so.4
#3  0x0634a142 in add_history () from /usr/lib/libreadline.so.4
#4  0x08054075 in ?? ()
#5  0x09cb24d0 in ?? ()
#6  0x09cb24d0 in ?? ()
#7  0x000000c8 in ?? ()
#8  0x00000001 in ?? ()
(gdb)
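The backtrace above crashes inside _int_malloc, reached through readline's add_history while the client is building its next prompt. A fault at that point almost never means add_history is at fault: malloc is tripping over heap metadata that something earlier damaged, typically an unbounded write of peer-supplied data or a double free on the lost-connection path, so the fix belongs wherever the client handled the dead control connection. The report does not show the netkit ftp code or the eventual fix, so the following is an added illustration, not the project's code: a control-connection reply reader of the shape that gives the reporter's "any reasonable error message" instead of a crash. It bounds every copy of server text, reports end-of-stream as a distinct lost-peer status, and resynchronises on over-long lines. Assumptions: an in-memory stream from fmemopen stands in for the control socket, each scripted command consumes one reply line, and the transcript is constructed sample data.

```c
#define _POSIX_C_SOURCE 200809L   /* fmemopen() is POSIX.1-2008 */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
FILE *fmemopen(void *buf, size_t size, const char *mode);  /* in case of strict -std=c99 */

/* Outcome of reading one reply line from the FTP control connection. */
enum reply_status {
    REPLY_OK,         /* well-formed "NNN text" line */
    REPLY_LOST,       /* EOF or read error: the server side is gone */
    REPLY_MALFORMED,  /* a line arrived but is not "NNN ..." */
    REPLY_TOOLONG     /* line exceeded the buffer; remainder discarded */
};

#define REPLY_MAX 512   /* bound every copy of server-supplied text */

/* Read one reply into buf (NUL-terminated, CRLF stripped) and parse the
   three-digit code into *code.  Writes into buf are bounded by buflen; a
   stream that ends, or ends mid-line, is reported as REPLY_LOST rather than
   handed back as if it were a reply. */
enum reply_status get_reply(FILE *cin, char *buf, size_t buflen, int *code)
{
    *code = -1;
    if (buflen < 2) return REPLY_TOOLONG;
    buf[0] = '\0';
    if (fgets(buf, (int)buflen, cin) == NULL)
        return REPLY_LOST;                    /* server process is dead */
    size_t n = strlen(buf);
    if (n == 0) return REPLY_MALFORMED;       /* server sent a NUL byte */
    if (buf[n - 1] != '\n') {
        if (n == buflen - 1) {                /* buffer full, no newline */
            int c;
            while ((c = getc(cin)) != EOF && c != '\n')
                ;                             /* resync on a line boundary */
            return REPLY_TOOLONG;
        }
        return REPLY_LOST;                    /* connection died mid-reply */
    }
    while (n > 0 && (buf[n - 1] == '\n' || buf[n - 1] == '\r'))
        buf[--n] = '\0';
    if (n < 3 || !isdigit((unsigned char)buf[0]) ||
        !isdigit((unsigned char)buf[1]) || !isdigit((unsigned char)buf[2]))
        return REPLY_MALFORMED;
    if (n > 3 && buf[3] != ' ' && buf[3] != '-')
        return REPLY_MALFORMED;
    *code = (buf[0] - '0') * 100 + (buf[1] - '0') * 10 + (buf[2] - '0');
    return REPLY_OK;
}

/* Drive ncmds scripted commands against the reply stream and stop at the
   first lost-peer indication instead of retrying on stale state (the
   "dir three times after killall vsftpd" case).  One reply line per command
   in this model.  Returns the number of commands that got a good reply. */
int run_commands(FILE *cin, int ncmds, int *last_code)
{
    char line[REPLY_MAX];
    int answered = 0;
    for (int i = 0; i < ncmds; i++) {
        enum reply_status st = get_reply(cin, line, sizeof line, last_code);
        if (st == REPLY_LOST) {
            fprintf(stderr, "ftp: lost connection to server\n");
            break;
        }
        if (st == REPLY_OK)
            answered++;
        /* MALFORMED / TOOLONG: drop that reply, keep the session alive */
    }
    return answered;
}

/* Constructed transcript (sample data, not a capture): the server answers
   two lines, then its process is killed and the stream ends. */
static const char transcript[] =
    "150 Here comes the directory listing.\r\n"
    "226 Directory send OK.\r\n";

/* Three "dir" commands against the transcript: two are answered, the third
   hits EOF and the client reports the lost peer instead of crashing. */
int demo_killed_server(void)
{
    FILE *cin = fmemopen((void *)transcript, sizeof transcript - 1, "r");
    if (!cin) return -1;
    int code = 0;
    int answered = run_commands(cin, 3, &code);
    fclose(cin);
    return answered;
}

/* Status and code of a single in-memory reply (used by the checks below). */
enum reply_status reply_status_of(const char *text, int *code)
{
    char buf[REPLY_MAX];
    int c;
    FILE *f = fmemopen((void *)text, strlen(text), "r");
    if (!f) return REPLY_LOST;
    enum reply_status st = get_reply(f, buf, sizeof buf, &c);
    fclose(f);
    if (code) *code = c;
    return st;
}

int reply_code_of(const char *text)
{
    int code;
    reply_status_of(text, &code);
    return code;
}

/* An over-long line must neither overflow the buffer nor desynchronise the
   reply that follows it.  Returns 1 when both hold. */
int demo_overlong_line(void)
{
    char big[REPLY_MAX + 100 + 16];
    memset(big, 'x', REPLY_MAX + 100);
    strcpy(big + REPLY_MAX + 100, "\r\n200 ok\r\n");
    char buf[REPLY_MAX];
    int code;
    FILE *f = fmemopen(big, strlen(big), "r");
    if (!f) return 0;
    int ok = get_reply(f, buf, sizeof buf, &code) == REPLY_TOOLONG;
    ok = ok && get_reply(f, buf, sizeof buf, &code) == REPLY_OK && code == 200;
    fclose(f);
    return ok;
}

int main(void)
{
    printf("replies before lost peer: %d\n", demo_killed_server());
    printf("overlong line handled: %d\n", demo_overlong_line());
    return 0;
}
```

The point of REPLY_LOST being its own status is that the caller tears the session down on the first one; continuing to send commands and parse whatever the dead socket yields is exactly the state in which stale buffers and pointers get reused, which is what a later crash inside malloc is the symptom of.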
Comment 1 Alan Cox 2004-05-02 17:13:46 EDT
Unable to duplicate this with ftp-0.17-19 following the given
instructions. Unable to duplicate with 0.17-18 either however.

Comment 2 Thomas Woerner 2004-05-04 03:36:21 EDT
Are you using /usr/bin/ftp or /usr/kerberos/bin/ftp?
Comment 3 Alan Cox 2004-05-04 03:59:44 EDT
Good point. I tested /usr/kerberos/ftp/bin
Comment 4 Kasper Dupont 2004-05-04 14:37:24 EDT
The problem is with /usr/bin/ftp. krb5-workstation is not installed on
my system.
Comment 5 Alan Cox 2004-06-14 11:00:31 EDT
Duplicated with /usr/bin/ftp. An initial peer through the code doesn't
really explain what is going on.
Comment 6 Alan Cox 2004-06-14 11:20:32 EDT
Nailed.
Comment 7 Kasper Dupont 2004-06-26 10:39:56 EDT
I had another segfault, which may or may not be the same bug. A
download had stalled for multiple hours, when I eventually killed it
with C-C it dumped core.

(gdb) bt
#0  0x00621b42 in _int_malloc () from /lib/tls/libc.so.6
#1  0x00620e9d in malloc () from /lib/tls/libc.so.6
#2  0x0060f676 in fdopen@@GLIBC_2.1 () from /lib/tls/libc.so.6
#3  0x0060d5ef in perror () from /lib/tls/libc.so.6
#4  0x006d92b9 in __libc_ptyname2 () from /lib/tls/libc.so.6
(gdb)
Comment 8 Alan Cox 2004-06-26 12:48:55 EDT
I've fixed this for the FC2 errata tree (current FC2 errata). I've not
had time to look at backporting the fix yet