Bug 99310 - LTC3487 - ftp causes segmentation fault
LTC3487 - ftp causes segmentation fault
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: krb5 (Show other bugs)
3.0
powerpc Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On:
Blocks: RHEL3U8CanFix
  Show dependency treegraph
 
Reported: 2003-07-17 09:15 EDT by Kaena Freitas
Modified: 2007-11-30 17:06 EST (History)
2 users (show)

See Also:
Fixed In Version: RHBA-2006-0404
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-07-20 10:59:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Workaround patch for ftp, while I track the issue to its core. (432 bytes, text/plain)
2003-09-25 17:13 EDT, Olof Johansson
no flags Details
"segfault.patch" (2.94 KB, text/plain)
2005-10-31 19:55 EST, IBM Bug Proxy
no flags Details

  None (edit)
Description Kaena Freitas 2003-07-17 09:15:34 EDT
Summary: ftp cause segmentation fault
            Vendor: Red Hat Linux for pSeries
           Version: Other
          Platform: pSeries
      Architecture: PPC-64
Submitting Project: pSeries Test
 Customer Priority: P3
       Owning Team: pSeries
    OSC Acceptance: N/S
   Customer Status: N/S
     Required Date: 0000-00-00 00:00:00
       Target Date: 2000-00-00 00:00:00
     Make External: NO
            Status: OPEN
     Test Activity: -----------------------
    Reported Phase: Generally Available
Technical Severity: normal
 Engineer Priority: P2
         Component: Network
             Owner: kaena@us.ibm.com
       SubmittedBy: penghb@cn.ibm.com
         QAContact: olof@us.ibm.com
                CC: davidyao@cn.ibm.com,gaoming@cn.ibm.com,rende@cn.ibm.com,
                    xucheng@cn.ibm.com


Please fill in each of the sections below.

Hardware Environment:

Software Environment:
RHEL3 A4
Kernel 2.4.20-1.1931.2.231.2.11.ent

Steps to Reproduce:
1. Setup a ftp server and create account for login
2. Open a terminal, and use ftp to connect the ftp server
3. Login with a wrong password or there is no configuration in $HOME/.netrc
4. Type "dir" and press ENTER. Now it will report:
        530 Not logged in.
        Passive mode refused.  Turning off passive mode.
        530 Not logged in.
        ftp: bind: Address already in use
5. Login with the correct password
6. Send ftp command "dir", "bin", "prom", "mget *". Then we get a segmentation 
fault in fgets.

Actual Results:

Expected Results:
   Although the first login is wrong, and the first "dir" is useless, the user 
can continue all the operation after he login with the correct userid and 
password.

Additional Information:
   I have test with some kind of ftp server including proftpd, vsftpd, serv-u. 
All failed with the segment fault.
Comment 1 Kaena Freitas 2003-07-17 09:16:47 EDT
ende@cn.ibm.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zhouwu@cn.ibm.com




------- Additional Comments From rende@cn.ibm.com  2003-17-07 03:14 -------
Hi, 
looks like caused by the kerberized ftp client on RHEL 3. (we installed almost 
everything).  "/usr/bin/ftp" doesn't have this problem.

[root@plinuxt81 vsftpd]# which ftp
/usr/kerberos/bin/ftp
[root@plinuxt81 vsftpd]# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/
usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin:/usr/lib/java/bin:/usr/local/staf/bin
[root@plinuxt81 vsftpd]#


To recreate it, we can ftp with correct userid/passwd, followed by:
 1. passive (let passive mode off)
 2. dir
 3. mget *

"strace ftp <ftp_server>" shows:

read(0, mget *.log
"mget *.log\n", 1024)           = 11
rt_sigaction(SIGINT, {0x10005918, [INT], SA_RESTART}, {0x10011548, [INT], 
SA_RESTART}, 8) = 0
umask(077)                              = 022
gettimeofday({1058396059, 640176}, NULL) = 0
getpid()                                = 6491
open("/tmp/ftpwleSXU", O_RDWR|O_CREAT|O_EXCL, 0600) = 4
umask(022)                              = 077
dup(4)                                  = 5
rt_sigaction(SIGINT, {0x1000c700, [INT], SA_RESTART}, {0x10005918, [INT], 
SA_RESTART}, 8) = 0
access("/tmp/ftpwleSXU", W_OK)          = 0
close(5)                                = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 5
bind(5, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr
("9.181.65.144")}, 16) = 0
getsockname(5, {sa_family=AF_INET, sin_port=htons(32867), sin_addr=inet_addr
("9.181.65.144")}, [16]) = 0
listen(5, 1)                            = 0
rt_sigaction(SIGINT, {0x1000a8b8, [INT], SA_RESTART}, {0x1000c700, [INT], 
SA_RESTART}, 8) = 0
write(3, "PORT 9,181,65,144,128,99\r\n", 26) = 26
rt_sigaction(SIGINT, {0x1000a8b8, [INT], SA_RESTART}, {0x1000a8b8, [INT], 
SA_RESTART}, 8) = 0
read(3, "200 PORT command successful. Con"..., 4096) = 51
rt_sigaction(SIGINT, {0x1000a8b8, [INT], SA_RESTART}, {0x1000a8b8, [INT], 
SA_RESTART}, 8) = 0
rt_sigaction(SIGINT, {0x1000c700, [INT], SA_RESTART}, {0x1000a8b8, [INT], 
SA_RESTART}, 8) = 0
rt_sigaction(SIGINT, {0x1000a8b8, [INT], SA_RESTART}, {0x1000c700, [INT], 
SA_RESTART}, 8) = 0
write(3, "NLST *.log\r\n", 12)          = 12
rt_sigaction(SIGINT, {0x1000a8b8, [INT], SA_RESTART}, {0x1000a8b8, [INT], 
SA_RESTART}, 8) = 0
read(3, "150 Here comes the directory lis"..., 4096) = 39
rt_sigaction(SIGINT, {0x1000a8b8, [INT], SA_RESTART}, {0x1000a8b8, [INT], 
SA_RESTART}, 8) = 0
rt_sigaction(SIGINT, {0x1000c700, [INT], SA_RESTART}, {0x1000a8b8, [INT], 
SA_RESTART}, 8) = 0
accept(5, {sa_family=AF_INET, sin_port=htons(20), sin_addr=inet_addr
("9.181.67.73")}, [16]) = 6
close(5)                                = 0
setsockopt(6, SOL_IP, IP_TOS, [8], 4)   = 0
fcntl64(6, F_GETFL)                     = 0x2 (flags O_RDWR)
fstat64(6, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x4001e000
_llseek(6, 0, 0xffffc278, SEEK_CUR)     = -1 ESPIPE (Illegal seek)
open("/tmp/ftpwleSXU", O_WRONLY|O_APPEND|O_CREAT|O_LARGEFILE, 0666) = 5
fstat64(5, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x4001f000
fstat64(5, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
_llseek(5, 0, [0], SEEK_SET)            = 0
fstat64(5, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
gettimeofday({1058396059, 654337}, NULL) = 0
read(6, "install.log\r\n", 1024)        = 13
read(6, "", 1024)                       = 0
write(5, "install.log\n", 12)           = 12
close(5)                                = 0
munmap(0x4001f000, 4096)                = 0
rt_sigaction(SIGINT, {0x10005918, [INT], SA_RESTART}, {0x1000c700, [INT], 
SA_RESTART}, 8) = 0
gettimeofday({1058396059, 655007}, NULL) = 0
close(6)                                = 0
munmap(0x4001e000, 4096)                = 0
rt_sigaction(SIGINT, {0x1000a8b8, [INT], SA_RESTART}, {0x10005918, [INT], 
SA_RESTART}, 8) = 0
read(3, "226 Directory send OK.\r\n", 4096) = 24
rt_sigaction(SIGINT, {0x10005918, [INT], SA_RESTART}, {0x1000a8b8, [INT], 
SA_RESTART}, 8) = 0
fcntl64(5, F_GETFL)                     = -1 EBADF (Bad file descriptor)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
[root@plinuxt2 root]# 

while the vsftpd.log shows:

Thu Jul 17 06:48:51 2003 [pid 2925] [root] FTP command: 
Client "9.181.65.144", "PORT 9,181,65,144,128,99"
Thu Jul 17 06:48:51 2003 [pid 2925] [root] FTP response: 
Client "9.181.65.144", "200 PORT command successful. Consider using PASV."
Thu Jul 17 06:48:51 2003 [pid 2925] [root] FTP command: 
Client "9.181.65.144", "NLST *.log"
Thu Jul 17 06:48:51 2003 [pid 2925] [root] FTP response: 
Client "9.181.65.144", "150 Here comes the directory listing."
Thu Jul 17 06:48:51 2003 [pid 2925] [root] FTP response: 
Client "9.181.65.144", "226 Directory send OK."

Client should issue two "PORT" primitives to complete "mget *".

In general, it looks like a kerberos ftp client bug, which works incorrectly 
under passive-off mode, no matter what ftp server we choose, e.g. proftpd, 
vsftpd, serv-u ..
Comment 2 Thomas Woerner 2003-07-17 09:23:50 EDT
This is a krb5 bug.
Comment 3 Bill Nottingham 2003-07-31 00:24:53 EDT
Looks like a general 64-bit issue in krb5 ftp.

*** This bug has been marked as a duplicate of 99320 ***
Comment 4 Olof Johansson 2003-08-18 11:31:15 EDT
The fix for 99320 did not resolve this problem. This should be reopened.

Since I didn't open it myself (I've taken over Kaenas duties with bugzilla
mirroring), I need to figure out how to get it done.
Comment 5 Olof Johansson 2003-08-18 11:34:12 EDT
olof@us.ibm.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Owner|thinh@us.ibm.com            |olof@us.ibm.com
            Summary|RHEL99320 - ftp cause       |RHEL99310 - ftp cause
                   |segmentation fault          |segmentation fault
             Status|OPEN                        |ASSIGNED
        Owning Team|pSeries                     |Red Hat
Comment 6 Olof Johansson 2003-09-09 08:27:14 EDT
------- Additional Comments From rende@cn.ibm.com  2003-09-09 02:53 -------
Will RedHat or any other group have this fixed before GA?
Comment 7 Olof Johansson 2003-09-09 18:22:22 EDT
------- Additional Comments From mahuja@us.ibm.com  2003-09-09 17:47 -------
Unfortunately teething troubles with another defect has used
up precious time. Will try and start looking at this parallely.

Still awaiting entitlement request sent to management for further
code access.
Comment 8 Olof Johansson 2003-09-16 18:16:16 EDT
------- Additional Comments From mahuja@us.ibm.com  2003-16-09 18:14 -------
Have entitlement and all that is required. Starting to look at
this now..
Comment 9 Olof Johansson 2003-09-25 17:12:28 EDT
------- Additional Comments From mahuja@us.ibm.com  2003-25-09 12:46 -------
Well the fix is going to be a workaround for now.
I will upload the patch here.

Either dup or the socket code is broken.
They all return back same fd numbers which
then get clobbered quite badly.

Still continuing to chase the original. 
But I see now reason to hold off the patch going out.

Although the problem is much nastier than what ftp
manages to see.
Comment 10 Olof Johansson 2003-09-25 17:13:15 EDT
Created attachment 94741 [details]
Workaround patch for ftp, while I track the issue to its core. 

------- Additional Comments From mahuja@us.ibm.com  2003-25-09 17:08 -------
Created an attachment (id=1719)
Workaround patch for ftp, while I track the issue to its core. 

The rpm is krb5-1.2.7-14.src.rpm
Don;t close this bug until I add more details.
But do test this out for now.
Comment 11 Olof Johansson 2003-09-25 21:25:48 EDT
------- Additional Comments From penghb@cn.ibm.com  2003-25-09 21:09 -------
Your patch works. And there is no segment fault now. I am using krb5-1.2.7-
18.src.rpm and do the same modification as yours.
Comment 12 Olof Johansson 2003-10-06 17:55:25 EDT
mahuja@us.ibm.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|OPEN                        |ASSIGNED




------- Additional Comments From mahuja@us.ibm.com  2003-06-10 17:44 -------
Close this bug. The patch I supplied is the final fix. Nothing wrong
with anything else. Dup needs to be done later in the code.

Thanks.
Comment 13 Olof Johansson 2003-10-06 17:56:47 EDT
mahuja@us.ibm.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |FIXEDAWAITINGTEST
         Resolution|                            |FIX_BY_IBM
Comment 14 Olof Johansson 2003-10-06 18:59:54 EDT
------- Additional Comments From olof@us.ibm.com  2003-06-10 18:59 -------
RedHat, please confirm that you will pick up this fix for Update 1. Thanks.
Comment 15 Olof Johansson 2003-10-06 19:06:42 EDT
Redhat: Please review recent bug activity and apply the suggested patch. THanks.
Comment 16 Olof Johansson 2003-12-03 20:45:06 EST
penghb@cn.ibm.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|FIXEDAWAITINGTEST           |OPEN
         Resolution|FIX_BY_IBM                  |




------- Additional Comments From penghb@cn.ibm.com  2003-03-12 20:43 -------
The RHEL3 GM version didn't include the patch. So we will wait for Update 1 and 
check problem is fixed in Update 1.
Comment 17 IBM Bug Proxy 2003-12-09 09:54:41 EST
------ Additional Comments From khoa@us.ibm.com  2003-09-12 01:07 -------
Glen/Greg - please track this with Red Hat.  Bug was already opened with
Red Hat.  Thanks. 
Comment 18 IBM Bug Proxy 2003-12-16 10:21:32 EST
------ Additional Comments From penghb@cn.ibm.com  2003-12-16 04:00 -------
The krb5 package was not upgraded in Update1. We get the same failure in RHEL3 
Update1. 
Comment 19 IBM Bug Proxy 2004-01-12 01:32:49 EST
------ Additional Comments From penghb@cn.ibm.com  2004-01-12 01:22 -------
After install RHEL3-U1-re0108.0-ppc-as-disc1-ftp.iso, it still cause segment 
fault. There is no krb5 upgrade in the iso file. 
Comment 20 IBM Bug Proxy 2004-01-23 23:48:46 EST
----- Additional Comments From khoa@us.ibm.com  2004-01-23 10:05 -------
We will put this defect on the RHEL3 Update3 list to Red Hat. 
Comment 21 IBM Bug Proxy 2004-01-23 23:49:23 EST
----- Additional Comments From khoa@us.ibm.com  2004-01-23 10:06 -------
Mark just told me that this bug was on the RHEL3 Update2 list as a Sev3. 
Comment 22 IBM Bug Proxy 2004-03-23 07:16:28 EST
----- Additional Comments From bujunhui@cn.ibm.com  2004-03-23 07:18 -------
in new-released RHEL3 Update2 Beta0316 this defect still exist. 
Comment 23 IBM Bug Proxy 2004-03-28 17:57:02 EST
----- Additional Comments From khoa@us.ibm.com  2004-03-28 17:58 -------
This is now a Sev2 on RHEL3 U3 list. 
Comment 24 IBM Bug Proxy 2004-07-28 23:30:09 EDT
----- Additional Comments From bujunhui@cn.ibm.com  2004-07-28 23:27 -------
This bug isnot fixed on kernel 2.4.21-18.EL. 
Comment 26 Mike Gahagan 2004-08-12 10:23:26 EDT
IBM,

The bug this was dup'ed against has been fixed by
krb5-workstation-1.2.7-15. Newer packages should also have this fix.
Reproducable by running the kerberos FTP client by running 'lcd
/some/local/directory'. Please verify krb5-workstation to make sure it
got updated. If you are seeing this with another ftp client, it sounds
like we need to open a different bug to address it.
Comment 27 IBM Bug Proxy 2004-08-12 21:50:25 EDT
----- Additional Comments From zhouwu@cn.ibm.com  2004-08-12 21:48 -------
yes, krb5-workstation has been updated to 1.2.7-25. 
Comment 28 IBM Bug Proxy 2004-10-11 06:35:31 EDT
----- Additional Comments From bujunhui@cn.ibm.com  2004-10-11 06:32 EDT -------
For RHEL3-U3 GM Build, this bug is not fixed. 
krb5-workstation has been updated to 1.2.7-28.

BTW:
   Also recreated it on kernel 2.6.8-1.528.2.10(RHEL4 Beta1 0921 refresh isos).

FYI:
-------------------------------------
[root@plinuxt15b test]# ftp localhost
Connected to localhost.localdomain.
220 (vsFTPd 1.2.1)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): 
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode off.
ftp> dir
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-rw-rw-    1 0        0              23 Sep 13 02:40 2
-rw-r--r--    1 0        0            1093 Sep 04 05:18 anaconda-ks.cfg
-rw-r--r--    1 0        0           43365 Sep 04 05:18 install.log
-rw-r--r--    1 0        0            6004 Sep 04 05:17 install.log.syslog
-rw-------    1 0        0        48583636 Sep 13 03:20 nohup.out
-rw-------    1 0        0         1354823 Sep 10 04:45 nohup.out.bak
-rw-r--r--    1 0        0            1360 Sep 13 02:38 pan_lvs
-rw-r--r--    1 0        0            5920 Sep 13 02:37 pan_sm
-rwxr-xr-x    1 0        0              79 Sep 04 05:37 start_pan_io.sh
-rw-r--r--    1 0        0              14 Oct 11 09:02 test
-rw-r--r--    1 0        0              19 Oct 11 09:03 test.txt
226 Directory send OK.
ftp> bin
200 Switching to Binary mode.
ftp> prom
Interactive mode off.
ftp> mget *
Segmentation fault
[root@plinuxt15b test]# uname -r
2.4.21-20.EL 
Comment 29 IBM Bug Proxy 2004-10-15 18:42:06 EDT
----- Additional Comments From khoa@us.ibm.com  2004-10-15 18:38 EDT -------
Jun - sounds like we need to re-open this bug report ? 
Comment 30 mark wisner 2004-10-15 19:45:26 EDT
Why is this in "NEEDINFO" State? What does Red Hat still need?
Comment 31 IBM Bug Proxy 2004-10-17 22:05:35 EDT
----- Additional Comments From bujunhui@cn.ibm.com  2004-10-17 22:06 EDT -------
In my opinion, we should re-open this defect. 
Comment 32 IBM Bug Proxy 2004-11-12 00:58:54 EST
----- Additional Comments From bujunhui@cn.ibm.com  2004-11-12 00:55 EDT -------
Reproduced this on RHEL4 beta2. re-open this defect.
=============================================================
[root@plinuxt6 src]# uname -r
2.6.9-1.648_EL
[root@plinuxt6 src]# rpm -qa |grep krb5-workstation
krb5-workstation-1.3.4-7

[root@plinuxt6 src]# ftp localhost
Connected to plinuxt6.ppc.cn.ibm.com.
220 (vsFTPd 2.0.1)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): 
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode off.
ftp> dir
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r--    1 0        0         5088499 Nov 09 18:41 3R041029.img
drwxr-xr-x    2 0        0            4096 Nov 11 20:36 Desktop
-rw-r--r--    1 0        0            1186 Nov 08 22:30 anaconda-ks.cfg
-rwxr-xr-x    1 0        0            4739 Nov 10 01:25 getrusage02.c
-rw-r--r--    1 0        0           61448 Nov 08 22:30 install.log
-rw-r--r--    1 0        0            8147 Nov 08 22:30 install.log.syslog
-rw-r--r--    1 0        0           56471 Nov 09 18:40 librtas-1.1-12.ppc64.rpm
-rw-------    1 0        0               0 Nov 10 00:54 nohup.out
-rw-r--r--    1 0        0          199771 Nov 09 18:40 ppc64-utils-2.1-
0.ppc64.rpm
226 Directory send OK.
ftp> bin
200 Switching to Binary mode.
ftp> prom
Interactive mode off.
ftp> mget *
Segmentation fault 
Comment 33 IBM Bug Proxy 2004-11-12 01:06:31 EST
----- Additional Comments From bujunhui@cn.ibm.com  2004-11-12 01:06 EDT -------
I tried on SLES and didn't meet this problem. Kernel is 2.6.5-7.112-pseries64. 
Comment 34 IBM Bug Proxy 2004-11-12 05:06:31 EST
----- Additional Comments From bujunhui@cn.ibm.com  2004-11-12 05:06 EDT -------
we opened a RHEL4 Beta2 bug 12487 to track the same problem in RHEL4. This bug 
is used to track it in RHEL3 U3. Thanks. 
Comment 35 IBM Bug Proxy 2004-11-12 05:17:54 EST
----- Additional Comments From bujunhui@cn.ibm.com  2004-11-12 05:15 EDT -------
Made error in comment 37, please ignore it.
Because what i used test is /usr/bin/ftp. "/usr/bin/ftp" works fine.
===========================
jasonlp1:/tmp/1 # which ftp
/usr/bin/ftp
jasonlp1:/tmp/1 # uname -r
2.6.5-7.112-pseries64 
Comment 36 IBM Bug Proxy 2005-06-20 14:31:10 EDT
changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |FIXEDAWAITINGTEST
         Resolution|                            |FIX_BY_IBM
   Target Milestone|RHEL3_U3                    |RHEL3_U5




------- Additional Comments From mranweil@us.ibm.com  2005-06-20 14:28 EDT -------
This is fixed in rhel 4 certainly (bug 12487).  But the comments at the end of
this bug confuse rhel3 and rhel4.  When I look at my rhel3 install tree it has a
version of krb5-workstation that should have the fix.

Please verify this bug on rhel3 and close it. 
Comment 37 IBM Bug Proxy 2005-10-08 02:34:42 EDT
---- Additional Comments From wangzyu@cn.ibm.com  2005-10-08 02:31 EDT -------
  RHEL3 U6 GA do _not_ fix the defect.
  I tested this on soyuz02 which installed RHEL3 U6 GA(2.4.21-37.EL). The defect
reproduced. Following is the detail. FYI:
========================
[root@soyuz02 tmp]# uname -a
Linux soyuz02.upt.austin.ibm.com 2.4.21-37.EL #1 SMP Wed Sep 7 13:23:09 EDT 2005
ppc64 ppc64 ppcx
[root@soyuz02 tmp]# rpm -qa |grep krb5-workstation
krb5-workstation-1.2.7-47
[root@soyuz02 tmp]#

[root@soyuz02 tmp]# ftp localhost
Connected to localhost.localdomain.
220 (vsFTPd 1.2.1)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): 
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode off.
ftp> dir
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r--    1 0        0            1073 Oct 08 05:07 anaconda-ks.cfg
-rw-r--r--    1 0        0           48536 Oct 08 05:07 install.log
-rw-r--r--    1 0        0            6255 Oct 08 05:07 install.log.syslog
226 Directory send OK.
ftp> bin
200 Switching to Binary mode.
ftp> prom
Interactive mode off.
ftp> mget *
Segmentation fault 
Comment 38 IBM Bug Proxy 2005-10-11 01:40:15 EDT
changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ACCEPTED                    |REOPENED
         Resolution|FIX_BY_IBM                  |




------- Additional Comments From wangzyu@cn.ibm.com  2005-10-11 01:40 EDT -------
  1. I verified this defect on mithraslp2(RHEL3 U6, 2.4.21-37.EL) again. While 
I input \"passive, dir, bin, prom, mget *\" in sequence, the defect reproduced. 
The ftp version is 1.2.7-47.
==========================  ftp version  ==============
[root@mithraslp2 tmp]# which ftp
/usr/kerberos/bin/ftp
[root@mithraslp2 tmp]# rpm -qf /usr/kerberos/bin/ftp
krb5-workstation-1.2.7-47
[root@mithraslp2 tmp]# uname -a
Linux mithraslp2.upt.austin.ibm.com 2.4.21-37.EL #1 SMP Wed Sep 7 13:23:09 EDT 
2005 ppc64 ppc64 ppc64 GNU/Linux
[root@mithraslp2 tmp]#
=======================================================

  2. I also verify the defect while server is ftp3.linux.ibm.com. It 
reprodueced. Following is the details. FYI:
=======================================================
[root@mithraslp2 tmp]# ftp ftp3.linux.ibm.com
Connected to ftp3.linux.ibm.com.
220 ProFTPD 1.2.9 Server (Enterprise Linux) [ftp3.rtp.raleigh.ibm.com]
500 AUTH not understood
500 AUTH not understood
KERBEROS_V4 rejected as an authentication type
Name (ftp3.linux.ibm.com:root): wangzyu@cn.ibm.com
331 Password required for wangzyu@cn.ibm.com.
Password:
230-
230- Welcome to the Enterprise Linux development FTP server
230- This server is ftp3.linux.ibm.com
230- The server contact is ftpadmin@linux.ibm.com
230-
230- +-- TERMS OF USE -----------------------------------------------------+
230- | The software on this server is available for IBM INTERNAL USE ONLY, |
230- | and is limited to the uses of Development and Testing, Customer     |
230- | support, Marketing demonstration and promotional activities.        |
230- | Additional information is available at                              |
230- | https://ftp3.linux.ibm.com/terms/                                   |
230- +---------------------------------------------------------------------+
230-
230 User wangzyu@cn.ibm.com logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /suse/install/suse10-ppc-rc1/yast
250 CWD command successful.
ftp> passive
Passive mode off.
ftp> dir
200 PORT command successful
150 Opening ASCII mode data connection for file list
-rw-r-----   1 root     suse            8 Oct  5 20:42 instorder
-rw-r-----   1 root     suse            8 Sep 12 18:45 order
226 Transfer complete.
ftp> bin
200 Type set to I
ftp> prom
Interactive mode off.
ftp> mget *
Segmentation fault
[root@mithraslp2 tmp]# 
Comment 39 IBM Bug Proxy 2005-10-11 02:20:17 EDT
---- Additional Comments From wangzyu@cn.ibm.com  2005-10-11 02:18 EDT -------
  I downloaded krb5-1.2.7-47.src.rpm from rhn.redhat.com and found that the 
patch mentioned in comment#15 is _not_ in that packages. So I try to recompile 
it with that patch. After done, the new ftp with the patch _fix_ the defect. 
So please redhat pickup the patch. Thanks
  following is the patch( I only modify the line number):
==============================================
--- src/appl/gssftp/ftp/cmds.c.orig     2005-10-11 01:48:37.000000000 -0400
+++ src/appl/gssftp/ftp/cmds.c  2005-10-11 02:02:33.000000000 -0400
@@ -1152,9 +1152,10 @@
                        pswitch(!proxy);
                }
                while (*++argv != NULL) {
-                       int     dupfd = dup(fd);
+                       int     dupfd = 0;
 
                        recvrequest (\"NLST\", temp, *argv, \"a\", 0);
+                       dupfd = dup(fd);
                        if (!checkglob(dupfd, *argv)) {
                                badglob = 1;
                                break; 
Comment 40 IBM Bug Proxy 2005-10-11 02:50:36 EDT
---- Additional Comments From mranweil@us.ibm.com  2005-10-11 02:49 EDT -------
Collision...

I forgot to turn off passive mode on anchor (an u5 ppc box) - I can recreate if
I do that.  It works fine otherwise.

Bug 12487 fixed this on rhel4.  I\'ll check if they fixed it some other way
tomorrow and re-open on RH\'s side then. 
Comment 42 IBM Bug Proxy 2005-10-31 19:55:44 EST
Created attachment 120593 [details]
"segfault.patch"
Comment 43 IBM Bug Proxy 2005-10-31 19:56:01 EST
---- Additional Comments From mranweil@us.ibm.com  2005-10-31 19:55 EDT -------
 
partial backport from 1.3.4 that addresses segfault

A long time later... the rhel 4 version (krb5-1.3.4) has a different (much
bigger) change.  This seems to fix the segfault for me.  I don\'t know what you
want to do with this - it is fixed already on rhel4. 
Comment 44 IBM Bug Proxy 2005-11-02 00:45:56 EST
---- Additional Comments From wangzyu@cn.ibm.com  2005-11-02 00:45 EDT -------
  Patch mentioned in comment#49 fix the defect.  I applied the patch on krb5-
1.2.7-47.src.rpm. After done, the defect do _not_ reproduce. 
Comment 48 Bob Johnson 2006-04-11 11:59:35 EDT
This issue is on Red Hat Engineering's list of planned work items 
for the upcoming Red Hat Enterprise Linux 3.8 release.  Engineering 
resources have been assigned and barring unforeseen circumstances, Red 
Hat intends to include this item in the 3.8 release.
Comment 49 David Lawrence 2006-04-24 15:29:52 EDT
OOps. Sorry for the mistake. I searched by the wrong list and mistakenly made
these changes. Sorry for the spam. Removing from blocker bug 185486 and to IBM
confidential group.
Comment 50 David Lawrence 2006-04-24 15:46:23 EDT
The last changes to these bugs were mistakenly made. Removing incorrect blocker
bug and confidential group.
Comment 55 Red Hat Bugzilla 2006-07-20 10:59:41 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0404.html
Comment 56 IBM Bug Proxy 2006-08-24 16:41:23 EDT
changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
               Flag|OnDistroList?               |OnDistroList+




------- Additional Comments From mranweil@us.ibm.com (prefers email at mjr@us.ibm.com)  2006-08-24 16:47 EDT -------
Seemed to work fine for me on u8 (which has the correct rpm levels):
[root@ilinjck3 stuff]# which ftp
/usr/kerberos/bin/ftp
[root@ilinjck3 stuff]# ftp ftp3.linux.ibm.com
Connected to ftp3.linux.ibm.com.
220 ProFTPD 1.3.0rc3 Server (Enterprise Linux) [9.37.253.130]
500 AUTH not understood
500 AUTH not understood
KERBEROS_V4 rejected as an authentication type
Name (ftp3.linux.ibm.com:root): mranweil@us.ibm.com
331 Password required for mranweil@us.ibm.com.
Password:
230 User mranweil@us.ibm.com logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /redhat/install/rhel-3-u7-i386/dosutils
250 CWD command successful
ftp> passive
Passive mode off.
ftp> dir
200 PORT command successful
150 Opening ASCII mode data connection for file list
-rw-r-----   3 root     redhat        503 Oct 12  2001 README
-rw-r-----   1 root     redhat       3983 Mar  6 21:39 TRANS.TBL
drwxr-s---   2 root     redhat       4096 Mar 19 09:31 autoboot
-rw-r-----   3 root     redhat         98 Sep  4  2002 autoboot.bat
-rw-r-----   9 root     redhat      17982 Jun  5  1991 copying
-rw-r-----   3 root     redhat     629760 Aug 13  2001 cygwin1.dll
-rw-r-----   3 root     redhat     172096 Oct 14  1998 fips.exe
drwxr-s---   4 root     redhat       4096 Mar 19 09:31 fips15c
drwxr-s---   4 root     redhat       4096 Mar 19 09:31 fips20
drwxr-s---   2 root     redhat       4096 Mar  6 21:20 fipsdocs
-rw-r-----   3 root     redhat      39910 Jul 28  1996 gzip.exe
-rw-r-----   3 root     redhat      32225 Feb  4  2003 loadlin.exe
-rw-r-----   3 root     redhat      94467 Feb  4  2003 lodlin16.tgz
-rw-r-----   3 root     redhat      14305 Jul 28  1996 rawrite.exe
-rw-r-----   3 root     redhat       2017 Jul 28  1996 rawrite3.doc
drwxr-s---   2 root     redhat       4096 Mar  6 21:20 rawritewin
-rw-r-----   3 root     redhat       9480 Jul 28  1996 rdev.exe
-rw-r-----   3 root     redhat      95744 Aug 13  2001 readcd.exe
-rw-r-----   9 root     redhat      13614 Aug 23  1995 restorrb.exe
226 Transfer complete.
ftp> bin
200 Type set to I
ftp> prom
Interactive mode off.
ftp> mget *
local: README remote: README
200 PORT command successful
150 Opening BINARY mode data connection for README (503 bytes)
226 Transfer complete.
503 bytes received in 0.0093 seconds (53 Kbytes/s)
local: TRANS.TBL remote: TRANS.TBL
200 PORT command successful
etc

Closing. 

Note You need to log in before you can comment on or make changes to this bug.