Bug 820745 - ftp coredumps if debug is turned on in .netrc init macro
ftp coredumps if debug is turned on in .netrc init macro
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: krb5 (Show other bugs)
5.7
x86_64 Unspecified
unspecified Severity low
: rc
: ---
Assigned To: Nalin Dahyabhai
BaseOS QE Security Team
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-10 16:39 EDT by Tom Sorensen
Modified: 2012-06-04 12:04 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-04 12:04:04 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tom Sorensen 2012-05-10 16:39:11 EDT
Description of problem:
If .netrc has debug and 'type binary' in the init macro then it core dumps when you try to send a file.

$ cat .netrc
machine XX.YY.ZZ.WW
macdef  init
        debug
        type binary

$ ftp XX.YY.ZZ.WW
Connected to XX.YY.ZZ.WW.
220 Microsoft FTP Service
500 'AUTH GSSAPI': command not understood
500 'AUTH KERBEROS_V4': command not understood
KERBEROS_V4 rejected as an authentication type
Name (57.30.144.10:bmgr): tsorensen
331 Password required for tsorensen.
Password:
230 User tsorensen logged in.
debug
Debugging on (debug=1).
type binary
---> TYPE I
200 Type set to I.
cmds.c:284: verbose=1 debug=1 overbose=1
---> SYST
215 Windows_NT
Remote system type is Windows_NT.
ftp> put tmp.log
*** glibc detected *** ftp: double free or corruption (fasttop): 0x00002b536024e970 ***
======= Backtrace: =========
/lib64/libc.so.6[0x2b534353a45f]
/lib64/libc.so.6[0x2b534353c782]
/lib64/libc.so.6(realloc+0x102)[0x2b534353d3e2]
ftp[0x2b53416efb2e]
ftp(main+0x3d2)[0x2b53416f0262]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x2b53434e5994]
ftp[0x2b53416e3179]
======= Memory map: ========
2b53416dd000-2b53416f6000 r-xp 00000000 fd:04 2342926                    /usr/kerberos/bin/ftp
2b53418f6000-2b53418f9000 rw-p 00019000 fd:04 2342926                    /usr/kerberos/bin/ftp
2b53418f9000-2b5341926000 rw-p 2b53418f9000 00:00 0
2b5341926000-2b5341942000 r-xp 00000000 fd:00 3096578                    /lib64/ld-2.5.so
2b5341942000-2b5341948000 rw-p 2b5341942000 00:00 0
2b534198e000-2b53419d2000 rw-p 2b534198e000 00:00 0
2b5341b42000-2b5341b43000 r--p 0001c000 fd:00 3096578                    /lib64/ld-2.5.so
2b5341b43000-2b5341b44000 rw-p 0001d000 fd:00 3096578                    /lib64/ld-2.5.so
2b5341b44000-2b5341b70000 r-xp 00000000 fd:04 3588477                    /usr/lib64/libgssapi_krb5.so.2.2
2b5341b70000-2b5341d70000 ---p 0002c000 fd:04 3588477                    /usr/lib64/libgssapi_krb5.so.2.2
2b5341d70000-2b5341d72000 rw-p 0002c000 fd:04 3588477                    /usr/lib64/libgssapi_krb5.so.2.2
2b5341d72000-2b5341d8c000 r-xp 00000000 fd:04 3588690                    /usr/lib64/libkrb4.so.2.0
2b5341d8c000-2b5341f8b000 ---p 0001a000 fd:04 3588690                    /usr/lib64/libkrb4.so.2.0
2b5341f8b000-2b5341f8d000 rw-p 00019000 fd:04 3588690                    /usr/lib64/libkrb4.so.2.0
2b5341f8d000-2b5341f92000 rw-p 2b5341f8d000 00:00 0
2b5341f92000-2b5341f95000 r-xp 00000000 fd:04 3555673                    /usr/lib64/libdes425.so.3.0
2b5341f95000-2b5342194000 ---p 00003000 fd:04 3555673                    /usr/lib64/libdes425.so.3.0
2b5342194000-2b5342195000 rw-p 00002000 fd:04 3555673                    /usr/lib64/libdes425.so.3.0
2b5342195000-2b5342196000 rw-p 2b5342195000 00:00 0
2b5342196000-2b5342228000 r-xp 00000000 fd:04 3588579                    /usr/lib64/libkrb5.so.3.3
2b5342228000-2b5342427000 ---p 00092000 fd:04 3588579                    /usr/lib64/libkrb5.so.3.3
2b5342427000-2b534242b000 rw-p 00091000 fd:04 3588579                    /usr/lib64/libkrb5.so.3.3
2b534242b000-2b534244f000 r-xp 00000000 fd:04 3556034                    /usr/lib64/libk5crypto.so.3.1
2b534244f000-2b534264e000 ---p 00024000 fd:04 3556034                    /usr/lib64/libk5crypto.so.3.1
2b534264e000-2b5342650000 rw-p 00023000 fd:04 3556034                    /usr/lib64/libk5crypto.so.3.1
2b5342650000-2b5342652000 r-xp 00000000 fd:00 3096758                    /lib64/libcom_err.so.2.1
2b5342652000-2b5342851000 ---p 00002000 fd:00 3096758                    /lib64/libcom_err.so.2.1
2b5342851000-2b5342852000 rw-p 00001000 fd:00 3096758                    /lib64/libcom_err.so.2.1
2b5342852000-2b5342853000 rw-p 2b5342852000 00:00 0
2b5342853000-2b534285b000 r-xp 00000000 fd:04 3588734                    /usr/lib64/libkrb5support.so.0.1
2b534285b000-2b5342a5a000 ---p 00008000 fd:04 3588734                    /usr/lib64/libkrb5support.so.0.1
2b5342a5a000-2b5342a5b000 rw-p 00007000 fd:04 3588734                    /usr/lib64/libkrb5support.so.0.1
2b5342a5b000-2b5342a64000 r-xp 00000000 fd:00 3096759                    /lib64/libcrypt-2.5.so
2b5342a64000-2b5342c63000 ---p 00009000 fd:00 3096759                    /lib64/libcrypt-2.5.so
2b5342c63000-2b5342c64000 r--p 00008000 fd:00 3096759                    /lib64/libcrypt-2.5.so
2b5342c64000-2b5342c65000 rw-p 00009000 fd:00 3096759                    /lib64/libcrypt-2.5.so
2b5342c65000-2b5342c93000 rw-p 2b5342c65000 00:00 0
2b5342c93000-2b5342c95000 r-xp 00000000 fd:00 3096790                    /lib64/libkeyutils-1.2.so
2b5342c95000-2b5342e94000 ---p 00002000 fd:00 3096790                    /lib64/libkeyutils-1.2.so
2b5342e94000-2b5342e95000 rw-p 00001000 fd:00 3096790                    /lib64/libkeyutils-1.2.so
2b5342e95000-2b5342e96000 rw-p 2b5342e95000 00:00 0
2b5342e96000-2b5342ea7000 r-xp 00000000 fd:00 3096627                    /lib64/libresolv-2.5.so
2b5342ea7000-2b53430a7000 ---p 00011000 fd:00 3096627                    /lib64/libresolv-2.5.so
2b53430a7000-2b53430a8000 r--p 00011000 fd:00 3096627                    /lib64/libresolv-2.5.so
2b53430a8000-2b53430a9000 rw-p 00012000 fd:00 3096627                    /lib64/libresolv-2.5.so
2b53430a9000-2b53430ab000 rw-p 2b53430a9000 00:00 0
2b53430ab000-2b53430c0000 r-xp 00000000 fd:00 3096817                    /lib64/libselinux.so.1
2b53430c0000-2b53432c0000 ---p 00015000 fd:00 3096817                    /lib64/libselinux.so.1
2b53432c0000-2b53432c2000 rw-p 00015000 fd:00 3096817                    /lib64/libselinux.so.1
2b53432c2000-2b53432c3000 rw-p 2b53432c2000 00:00 0
2b53432c3000-2b53432c5000 r-xp 00000000 fd:00 3096771                    /lib64/libdl-2.5.so
2b53432c5000-2b53434c5000 ---p 00002000 fd:00 3096771                    /lib64/libdl-2.5.so
2b53434c5000-2b53434c6000 r--p 00002000 fd:00 3096771                    /lib64/libdl-2.5.so
2b53434c6000-2b53434c7000 rw-p 00003000 fd:00 3096771                    /lib64/libdl-2.5.so
2b53434c7000-2b53434c8000 rw-p 2b53434c7000 00:00 0
2b53434c8000-2b5343616000 r-xp 00000000 fd:00 3096754                    /lib64/libc-2.5.so
2b5343616000-2b5343816000 ---p 0014e000 fd:00 3096754                    /lib64/libc-2.5.so
2b5343816000-2b534381a000 r--p 0014e000 fd:00 3096754                    /lib64/libc-2.5.so
2b534381a000-2b534381b000 rw-p 00152000 fd:00 3096754                    /lib64/libc-2.5.so
2b534381b000-2b5343820000 rw-p 2b534381b000 00:00 0
2b5343820000-2b534385b000 r-xp 00000000 fd:00 3096630                    /lib64/libsepol.so.1
2b534385b000-2b5343a5b000 ---p 0003b000 fd:00 3096630                    /lib64/libsepol.so.1
2b5343a5b000-2b5343a5c000 rw-p 0003b000 fd:00 3096630                    /lib64/libsepol.so.1
2b5343a5c000-2b5343a68000 rw-p 2b5343a5c000 00:00 0
2b5343a68000-2b5343a72000 r-xp 00000000 fd:00 3096801                    /lib64/libnss_files-2.5.so
2b5343a72000-2b5343c71000 ---p 0000a000 fd:00 3096801                    /lib64/libnss_files-2.5.so
2b5343c71000-2b5343c72000 r--p 00009000 fd:00 3096801                    /lib64/libnss_files-2.5.so
2b5343c72000-2b5343c73000 rw-p 0000a000 fd:00 3096801                    /lib64/libnss_files-2.5.so
2b5343c73000-2b5343c80000 r-xp 00000000 fd:00 3096606                    /lib64/libgcc_s-4.1.2-20080825.so.1
2b5343c80000-2b5343e80000 ---p 0000d000 fd:00 3096606                    /lib64/libgcc_s-4.1.2-20080825.so.1
2b5343e80000-2b5343e81000 rw-p 0000d000 fd:00 3096606                    /lib64/libgcc_s-4.1.2-20080825.so.1
2b5344000000-2b5344021000 rw-p 2b5344000000 00:00 0
2b5344021000-2b5348000000 ---p 2b5344021000 00:00 0
2b535f6f9000-2b53602b4000 rw-p 2b535f6f9000 00:00 0                      [heap]
7fffab7c2000-7fffab816000 rw-p 7ffffffaa000 00:00 0                      [stack]
7fffab840000-7fffab843000 r-xp 7fffab840000 00:00 0                      [vdso]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0                  [vsyscall]
Aborted


Version-Release number of selected component (if applicable):
krb5-workstation-1.6.1-62.el5


How reproducible:
Always

Steps to Reproduce:
1. Create .netrc as above
2. ftp to remote system
3. put a file
  
Actual results:
coredump

Expected results:
file transfers

Additional info:
Does not occur unless both lines are in .netrc -- doing the commands manually after connection does not result in error. Order does not matter.

I have not tested with non-Windows ftp servers, nor with 5.8.
Comment 1 Jan Synacek 2012-05-25 06:07:23 EDT
Reproduced on 5.7 using ftpd and localhost connection.

I could NOT reproduce this in 5.8.
Comment 3 Jan Synacek 2012-06-04 08:17:41 EDT
Only kerberized version found in krb5-workstation is affected, switching component to krb5.
Comment 4 Nalin Dahyabhai 2012-06-04 12:04:04 EDT
This was fixed in 5.8, as bug #735363 and as bug #736132.  Marking as fixed in the current release.

Note You need to log in before you can comment on or make changes to this bug.