Description of problem:
If the server process handling a particular connection is killed, the client may segfault after attempting a few more commands. Obviously the client cannot be expected to work when the server process has been killed, but under no circumstances may the server cause the client to segfault.

Version-Release number of selected component (if applicable):
ftp-0.17-18

How reproducible:
Happens always

Steps to Reproduce:
1. Make sure you have vsftpd running
2. Type: ftp localhost
3. Log in using your username and password
4. In another shell type: killall vsftpd
5. In the ftp session try to execute the dir command three times.

Actual results:
segfault

Expected results:
Any reasonable error message

Additional info:
(gdb) bt
#0  0x00450b42 in _int_malloc () from /lib/tls/libc.so.6
#1  0x0044fe9d in malloc () from /lib/tls/libc.so.6
#2  0x06349d52 in xmalloc () from /usr/lib/libreadline.so.4
#3  0x0634a142 in add_history () from /usr/lib/libreadline.so.4
#4  0x08054075 in ?? ()
#5  0x09cb24d0 in ?? ()
#6  0x09cb24d0 in ?? ()
#7  0x000000c8 in ?? ()
#8  0x00000001 in ?? ()
(gdb)
Unable to duplicate this with ftp-0.17-19 following the given instructions. Unable to duplicate with 0.17-18 either however.
Are you using /usr/bin/ftp or /usr/kerberos/bin/ftp?
Good point. I tested /usr/kerberos/ftp/bin
The problem is with /usr/bin/ftp. krb5-workstation is not installed on my system.
Duplicated with /usr/bin/ftp. An initial peer through the code doesn't really explain what is going on.
Nailed.
I had another segfault, which may or may not be the same bug. A download had stalled for multiple hours; when I eventually killed it with C-C it dumped core.

(gdb) bt
#0  0x00621b42 in _int_malloc () from /lib/tls/libc.so.6
#1  0x00620e9d in malloc () from /lib/tls/libc.so.6
#2  0x0060f676 in fdopen@@GLIBC_2.1 () from /lib/tls/libc.so.6
#3  0x0060d5ef in perror () from /lib/tls/libc.so.6
#4  0x006d92b9 in __libc_ptyname2 () from /lib/tls/libc.so.6
(gdb)
I've fixed this for the FC2 errata tree (current FC2 errata). I've not had time to look at backporting the fix yet