+++ This bug was initially created as a clone of Bug #1222386 +++ Description of problem: Vsftpd crashes while parsing the conf Version-Release number of selected component (if applicable): latest Actual results: vsftpd crahes Expected results: vsftpd should not crash Additional info: --- Additional comment from Susant Sahani on 2015-05-18 08:16:59 CEST --- (gdb) bt #0 vsf_sysutil_strndup (p_str=0x7f99431e3311 "", p_len=4294967295) at sysutil.c:1056 #1 0x00007f994191544c in vsf_parseconf_load_setting (p_setting=<value optimized out>, errs_fatal=<value optimized out>) at parseconf.c:280 #2 0x00007f99419156ab in vsf_parseconf_load_file (p_filename=<value optimized out>, errs_fatal=1) at parseconf.c:243 #3 0x00007f994190b138 in main (argc=2, argv=0x7fff18596218) at main.c:93 (gdb) f 0 #0 vsf_sysutil_strndup (p_str=0x7f99431e3311 "", p_len=4294967295) at sysutil.c:1056 1056 new[p_len]='\0'; (gdb) p new[p_len] Cannot access memory at address 0x7f9a431e324f <========= crashing because of bad/corrupt address. (gdb) p new $1 = 0x7f99431e3250 "" --- Additional comment from Susant Sahani on 2015-05-18 09:57:39 CEST --- This crashing because the parser is not able to interpret that nothing after this conf value. ~~~ ftpd_banner= ~~~ and a tab space after the '='
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Fixed in: vsftpd-3.0.3-2.fc23 Patch: http://pkgs.fedoraproject.org/cgit/rpms/vsftpd.git/diff/vsftpd-2.2.2-blank-chars-overflow.patch?h=f23
vsftpd-3.0.3-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-61c40f55a7
vsftpd-3.0.3-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-61c40f55a7
vsftpd-3.0.3-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.