Red Hat Bugzilla – Bug 122295
Server may cause client to segfault.
Last modified: 2007-11-30 17:10:41 EST
Description of problem:
If the server process handling a particular connection is killed, the
client may segfault after attempting a few more commands. Obviously
the client cannot be expected to work when the server process has been
killed, but under no circumstances may the server cause the client to
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Make sure you have vsftpd running
2. Type: ftp localhost
3. Log in using your username and password
4. In another shell type: killall vsftpd
5. In the ftp session try to execute the dir command three times.
Any reasonable error message
#0 0x00450b42 in _int_malloc () from /lib/tls/libc.so.6
#1 0x0044fe9d in malloc () from /lib/tls/libc.so.6
#2 0x06349d52 in xmalloc () from /usr/lib/libreadline.so.4
#3 0x0634a142 in add_history () from /usr/lib/libreadline.so.4
#4 0x08054075 in ?? ()
#5 0x09cb24d0 in ?? ()
#6 0x09cb24d0 in ?? ()
#7 0x000000c8 in ?? ()
#8 0x00000001 in ?? ()
Unable to duplicate this with ftp-0.17-19 following the given
instructions. Unable to duplicate with 0.17-18 either, however.
Are you using /usr/bin/ftp or /usr/kerberos/bin/ftp?
Good point. I tested /usr/kerberos/ftp/bin
The problem is with /usr/bin/ftp. krb5-workstation is not installed on
Duplicated with /usr/bin/ftp. An initial peer through the code doesn't
really explain what is going on.
I had another segfault, which may or may not be the same bug. A
download had stalled for multiple hours, when I eventually killed it
with C-C it dumped core.
#0 0x00621b42 in _int_malloc () from /lib/tls/libc.so.6
#1 0x00620e9d in malloc () from /lib/tls/libc.so.6
#2 0x0060f676 in fdopen@@GLIBC_2.1 () from /lib/tls/libc.so.6
#3 0x0060d5ef in perror () from /lib/tls/libc.so.6
#4 0x006d92b9 in __libc_ptyname2 () from /lib/tls/libc.so.6
I've fixed this for the FC2 errata tree (current FC2 errata). I've not
had time to look at backporting the fix yet.