363293 – net-ftp/proftpd-1.3.4_rc2 segmentation fault after authentication

Bug 363293 - net-ftp/proftpd-1.3.4_rc2 segmentation fault after authentication

Summary: net-ftp/proftpd-1.3.4_rc2 segmentation fault after authentication

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	AMD64 Linux

Importance:	Normal normal (vote)
Assignee:	Bernd Lommerzheim

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-04-12 13:57 UTC by Andrejs Eigus
Modified:	2011-04-14 19:02 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
sftp trace log (sftp.log,119.32 KB, text/plain) 2011-04-12 13:59 UTC, Andrejs Eigus	Details
sql-groupsetfast-null-pointer.patch (sql-groupsetfast-null-pointer.patch,820 bytes, patch) 2011-04-12 22:48 UTC, Andrejs Eigus	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrejs Eigus 2011-04-12 13:57:17 UTC

After installing package net-ftp/proftpd-1.3.4_rc2, I'm no longer able to login over SFTP. The user accounts are kept in the MySQL table 'proftpd'. The SFTP trace log (sftp.log) is attached.  The proftpd compile settings are below:


  Version: 1.3.4rc2 (devel)
  Platform: LINUX [Linux 2.6.38-gentoo-r1-mrbyte x86_64]
  Built: Tue Apr 12 2011 15:27:12 CEST
  Built With:
    configure  '--prefix=/usr' '--build=x86_64-pc-linux-gnu' '--host=x86_64-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--libdir=/usr/lib64' '--localstatedir=/var/run/proftpd' '--sysconfdir=/etc/proftpd' '--enable-facl' '--disable-auth-file' '--enable-cap' '--disable-ident' '--disable-ipv6' '--disable-memcache' '--enable-ncurses' '--enable-nls' '--disable-auth-pam' '--enable-pcre' '--enable-trace' '--enable-shadow' '--enable-autoshadow' '--enable-openssl' '--with-modules=mod_facl:mod_clamav:mod_sql:mod_sql_passwd:mod_sql_mysql:mod_sftp:mod_sftp_sql:mod_quotatab:mod_quotatab_file:mod_quotatab_sql' 'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu' 'CFLAGS=-march=opteron -O2 -pipe' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed' 'LIBS='

  CFLAGS: -march=opteron -O2 -pipe -Wall
  LDFLAGS: -L$(top_srcdir)/lib -Wl,-O1 -Wl,--as-needed  -L/usr/lib64/mysql -L/usr//lib -L/usr/lib/
  LIBS: -lacl  -lpcreposix -lpcre -lssl -lcrypto -lssl -lcrypto -lcap  -lm -lmysqlclient  -lcrypto -lsupp -lcrypt -ldl  -ldl -lz

  Files:
    Configuration File:
      /etc/proftpd/proftpd.conf
    Pid File:
      /var/run/proftpd/proftpd.pid
    Scoreboard File:
      /var/run/proftpd/proftpd.scoreboard

  Features:
    + Autoshadow support
    - Controls support
    + curses support
    - Developer support
    - DSO support
    - IPv6 support
    + Largefile support
    - Lastlog support
    - Memcache support
    + ncursesw support
    + NLS support
    + OpenSSL support
    + PCRE support
    + POSIX ACL support
    + Shadow file support
    + Sendfile support
    + Trace support

  Tunable Options:
    PR_TUNABLE_BUFFER_SIZE = 1024
    PR_TUNABLE_DEFAULT_RCVBUFSZ = 8192
    PR_TUNABLE_DEFAULT_SNDBUFSZ = 8192
    PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
    PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
    PR_TUNABLE_HASH_TABLE_SIZE = 40
    PR_TUNABLE_NEW_POOL_SIZE = 512
    PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
    PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
    PR_TUNABLE_SELECT_TIMEOUT = 30
    PR_TUNABLE_TIMEOUTIDENT = 10
    PR_TUNABLE_TIMEOUTIDLE = 600
    PR_TUNABLE_TIMEOUTLINGER = 30
    PR_TUNABLE_TIMEOUTLOGIN = 300
    PR_TUNABLE_TIMEOUTNOXFER = 300
    PR_TUNABLE_TIMEOUTSTALLED = 3600
    PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10

Please note that it works OK with 1.3.4rc1, so I see no reason to provide proftpd.conf.  

Reproducible: Always

Steps to Reproduce:
1. Build package
2. Start proftpd
3. connect to proftpd over sftp and attempt to login as any valid user
Actual Results:  
Straight followed SFTP authentication Proftpd crashes with SIGSEGV (11).

Expected Results:  
The user should have been successfully logged in.

Comment 1 Andrejs Eigus 2011-04-12 13:59:19 UTC

Created attachment 269673 [details]
sftp trace log

Comment 2 Andrejs Eigus 2011-04-12 18:54:47 UTC

Additionally, when compiled as Developer Support enabled (EXTRA_ECONF="--enable-devel=stacktrace" CFLAGS="-g -O0" FEATURES="nostrip noclean" emerge -a proftpd), the stacktrace is returned:

BEANRWEB03:/var/tmp/portage/net-ftp/proftpd-1.3.4_rc2/work/proftpd-1.3.4rc2#./proftpd -n
192.168.99.20 - ProFTPD 1.3.4rc2 (devel) (built Tue Apr 12 2011 20:16:13 CEST) standalone mode STARTUP
192.168.99.20 (91.188.52.74[91.188.52.74]) - FTP session opened.
192.168.99.20 (91.188.52.74[91.188.52.74]) - ProFTPD terminating (signal 11)
192.168.99.20 (91.188.52.74[91.188.52.74]) - FTP session closed.
192.168.99.20 (91.188.52.74[91.188.52.74]) - -----BEGIN STACK TRACE-----
192.168.99.20 (91.188.52.74[91.188.52.74]) - [0] /lib64/libc.so.6(__strcasecmp+0x25) [0x7fa66c743025]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [1] /lib64/libc.so.6(__strcasecmp+0x25) [0x7fa66c743025]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [2] ./proftpd() [0x4a8276]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [3] ./proftpd() [0x4acbe5]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [4] ./proftpd() [0x4b5eba]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [5] ./proftpd() [0x439c6e]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [6] ./proftpd() [0x43dab1]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [7] ./proftpd() [0x43dd9c]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [8] ./proftpd() [0x47675a]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [9] ./proftpd() [0x47953c]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [10] ./proftpd() [0x439c6e]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [11] ./proftpd() [0x40a288]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [12] ./proftpd() [0x40abbc]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [13] ./proftpd() [0x40af2a]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [14] ./proftpd() [0x40b532]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [15] ./proftpd() [0x40c6f6]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [16] ./proftpd() [0x40ce2c]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [17] ./proftpd() [0x40e907]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [18] ./proftpd() [0x40f606]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [19] /lib64/libc.so.6(__libc_start_main+0xe6) [0x7fa66c6d8ba6]
192.168.99.20 (91.188.52.74[91.188.52.74]) - [20] ./proftpd() [0x409709]
192.168.99.20 (91.188.52.74[91.188.52.74]) - -----END STACK TRACE-----
^C192.168.99.20 - ProFTPD terminating (signal 2)
192.168.99.20 - ProFTPD 1.3.4rc2 standalone mode SHUTDOWN


---

Decrypting stacktrace shows:

BEANRWEB03:#addr2line -e ./proftpd 0x4a8276
/modules/mod_sql_mysql.c:965
BEANRWEB03:#addr2line -e ./proftpd 0x4acbe5
/modules/mod_sql.c:508
BEANRWEB03:#addr2line -e ./proftpd 0x4b5eba
/modules/mod_sql.c:4048
BEANRWEB03:#addr2line -e ./proftpd 0x439c6e
/src/modules.c:59
BEANRWEB03:#addr2line -e ./proftpd 0x43dab1
/src/auth.c:281
BEANRWEB03:#addr2line -e ./proftpd 0x43dd9c
/src/auth.c:368
BEANRWEB03:#addr2line -e ./proftpd 0x4e3453
/contrib/mod_sftp/auth.c:81
BEANRWEB03:#addr2line -e ./proftpd 0x4e42f5
/contrib/mod_sftp/auth.c:462
BEANRWEB03:#addr2line -e ./proftpd 0x4e5f0c
/contrib/mod_sftp/auth.c:1119
BEANRWEB03:#addr2line -e ./proftpd 0x4e640f
/contrib/mod_sftp/auth.c:1263
BEANRWEB03:#addr2line -e ./proftpd 0x4d0519
/contrib/mod_sftp/packet.c:1471
BEANRWEB03:#addr2line -e ./proftpd 0x4c671b
/contrib/mod_sftp/mod_sftp.c:246
BEANRWEB03:#addr2line -e ./proftpd 0x40c6f6
/src/main.c:1409
BEANRWEB03:#addr2line -e ./proftpd 0x40ce2c
/src/main.c:1621
BEANRWEB03:#addr2line -e ./proftpd 0x40e907
/src/main.c:2536
BEANRWEB03:#addr2line -e ./proftpd 0x40f606
/src/main.c:3188
BEANRWEB03:#addr2line -e ./proftpd 0x409709

---

Interestingly, the stack trace could only be obtained when using emerge with the following flags: ``CFLAGS="-g -O0" FEATURES="nostrip noclean"'' and when pointing addr2line directly at the executable in the source tree in /var/tmp/portage/net-ftp/proftpd-1.3.4_rc2/work/proftpd-1.3.4rc2.  addr2line provides no information when pointing out at the installed binary: /usr/sbin/proftpd, for some reason.

Comment 3 Andrejs Eigus 2011-04-12 22:48:42 UTC

Created attachment 269731 [details, diff]
sql-groupsetfast-null-pointer.patch

The sql-groupsetfast-null-pointer patch resolves the issue.  It should be placed into the /files sub-directory of the proftpd ebuild and the proftpd-1.3.4_rc2.ebuild should be patched accordingly to make use of it:

--- /usr/portage/net-ftp/proftpd/proftpd-1.3.4_rc2.ebuild	2011-04-04 22:56:08.000000000 +0200
+++ ./proftpd-1.3.4_rc2.ebuild	2011-04-13 00:16:36.000000000 +0200
@@ -62,2 +62,3 @@
 	use case && __prepare_module mod_case
+	epatch "${FILESDIR}"/sql-groupsetfast-null-pointer.patch
 	if use clamav ; then

Comment 4 Andrejs Eigus 2011-04-12 22:49:26 UTC

The issue has been resolved, see the attached patch: sql-groupsetfast-null-pointer.patch

Comment 5 Bernard Cafarelli gentoo-dev

2011-04-14 19:02:46 UTC

Thanks for the report! (and analysis, and patch). Remember to leave the bug open until we really fix it in portage tree though ;) 

I saw that the patch was committed upstream too, so rc3 will be ok. In the meantime, I've added the patch to 1.3.4_rc2-r1 in CVS