553479 – vsftpd segfaults with passive mode and SSL

Bug 553479 - vsftpd segfaults with passive mode and SSL

Summary: vsftpd segfaults with passive mode and SSL

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	vsftpd
Sub Component:
Version:	12
Hardware:	All
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Assignee:	Jiri Skala
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	517000 555321
TreeView+	depends on / blocked

Reported:	2010-01-08 00:22 UTC by Robert Hancock
Modified:	2014-11-09 22:32 UTC (History)
CC List:	3 users (show)
Fixed In Version:	vsftpd-2.2.2-1.fc12
Clone Of:
Clones:	555321 (view as bug list)
Environment:
Last Closed:	2010-02-24 06:02:51 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Robert Hancock 2010-01-08 00:22:23 UTC

Description of problem:
vsftpd segfaults when a client attempts to enter passive mode using encryption.

Version-Release number of selected component (if applicable):
vsftpd-2.2.0-6.fc12.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure vsftpd as below. Note that the SELinux policy workaround in bug 537428 must be applied, otherwise an SELinux denial stops things before this point.
2. Attempt to log in using Filezilla
3.
  
Actual results:
vsftpd[14285]: segfault at 0 ip 00007f97a2f039a6 sp 00007fff0c8ed1c0 error 4 in vsftpd[7f97a2eeb000+25000]

Expected results:
No segfault

Additional info:
Below are are the changes I've made to the default config. I'm not sure how to get vsftpd to not daemonize so that I can attach gdb or generate a core file..

15c15
< local_enable=YES
---
> #local_enable=YES
27c27
< #anon_upload_enable=YES
---
> anon_upload_enable=YES
55c55
< xferlog_std_format=YES
---
> #xferlog_std_format=YES
84c84
< #ftpd_banner=Welcome to blah FTP service.
---
> ftpd_banner=Welcome to Rob's FTP service.
95d94
< #chroot_local_user=YES
118a118,131
> listen_port=2121
> pasv_min_port=2122
> pasv_max_port=2199
> max_per_ip=2
> pasv_address=(censored)
> ssl_enable=YES
> rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
> allow_anon_ssl=YES
> force_anon_logins_ssl=YES
> force_anon_data_ssl=YES
> anon_world_readable_only=YES
> log_ftp_protocol=YES
> secure_email_list_enable=YES
> anon_max_rate=70000

Comment 1 Fedora Update System 2010-01-14 14:14:09 UTC

vsftpd-2.2.2-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/vsftpd-2.2.2-1.fc12

Comment 2 Jiri Skala 2010-01-14 14:14:21 UTC

Fixes rebase to vsftpd-2.2.2

Comment 3 Fedora Update System 2010-01-15 22:15:15 UTC

vsftpd-2.2.2-1.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update vsftpd'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-0637

Comment 4 Fedora Update System 2010-02-24 06:02:46 UTC

vsftpd-2.2.2-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.