Bug 726460 - =net-ftp/proftpd-1.3.7_rc4 crashes at start under systemd
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Sergei Trofimovich (RETIRED)
URL: https://github.com/proftpd/proftpd/is...
Reported: 2020-05-31 15:50 UTC by Sergei Trofimovich (RETIRED)
Modified: 2020-05-31 17:18 UTC

Description Sergei Trofimovich (RETIRED) gentoo-dev 2020-05-31 15:50:09 UTC
Not clear why yet. Crash looks like:

"""
May 31 16:47:42 sf systemd[1]: Started ProFTPd FTP daemon.
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,239 sf proftpd[466413]: -----BEGIN STACK TRACE-----
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [0] /lib64/libc.so.6(+0x9a2b6) [0x7f2175b3a2b6]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [1] /lib64/libc.so.6(+0x9a2b6) [0x7f2175b3a2b6]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [2] /usr/sbin/proftpd(pstrcat+0x78) [0x560c9aefcee8]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [3] /usr/sbin/proftpd(+0x139012) [0x560c9aff2012]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [4] /usr/sbin/proftpd(pr_module_load+0x8b) [0x560c9af2495b]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [5] /usr/sbin/proftpd(modules_init+0x30) [0x560c9af24c60]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [6] /usr/sbin/proftpd(main+0x31b) [0x560c9aef5dbb]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [7] /lib64/libc.so.6(__libc_start_main+0xea) [0x7f2175ac3d5a]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [8] /usr/sbin/proftpd(_start+0x2a) [0x560c9aef659a]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: -----END STACK TRACE-----
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: ProFTPD terminating (signal 11)
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: ProFTPD terminating (signal 11)
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: ProFTPD 1.3.7rc4 standalone mode SHUTDOWN
"""

=================================================================
                        Package Settings
=================================================================

net-ftp/proftpd-1.3.7_rc4::gentoo was built with the following:
USE="authfile ban caps case clamav copy ctrls deflate diskuse dso dynmasq exec ident ifsession ifversion ipv6 kerberos ldap memcache msg mysql ncurses nls pam pcre postgres qos radius ratio readme rewrite sftp shaper sitemisc snmp sodium softquota sqlite ssl tcpd test vroot -acl -libressl -log-forensic -selinux -unique-id" ABI_X86="(64)"
CFLAGS="-march=sandybridge -mtune=sandybridge -maes --param=l1-cache-size=32 --param=l1-cache-line-size=64 --param=l2-cache-size=8192 -O2 -pipe -fdiagnostics-show-option -frecord-gcc-switches -Wall -Wextra -Wstack-protector -frecord-gcc-switches -ggdb3"
CXXFLAGS="-march=sandybridge -mtune=sandybridge -maes --param=l1-cache-size=32 --param=l1-cache-line-size=64 --param=l2-cache-size=8192 -O2 -pipe -fdiagnostics-show-option -frecord-gcc-switches -Wall -Wextra -Wstack-protector -frecord-gcc-switches -ggdb3"
FEATURES="news usersandbox xattr fixlafiles config-protect-if-modified distlocks splitdebug protect-owned unknown-features-warn installsources network-sandbox ipc-sandbox binpkg-dostrip sign ebuild-locks fail-clean clean-logs usersync sandbox binpkg-docompress unmerge-logs preserve-libs merge-sync unmerge-orphans pid-sandbox assume-digests sfperms userpriv ccache strict multilib-strict userfetch parallel-fetch qa-unresolved-soname-deps binpkg-logs"
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2020-05-31 15:51:55 UTC
$ gdb --quiet --args /usr/sbin/proftpd --nodaemon -X
Reading symbols from /usr/sbin/proftpd...
Reading symbols from /usr/lib/debug//usr/sbin/proftpd.debug...
(gdb) r
Starting program: /usr/sbin/proftpd --nodaemon -X
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
120		movdqu	(%rax), %xmm4
(gdb) bt
#0  __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1  0x0000555555597ee8 in pstrcat (p=p@entry=0x55555581f430) at str.c:377
#2  0x000055555568d012 in ldap_mod_init () at mod_ldap.c:3220
#3  0x00005555555bf95b in pr_module_load (m=m@entry=0x5555557c6b60 <ldap_module>) at modules.c:347
#4  0x00005555555bfc60 in modules_init () at modules.c:482
#5  0x0000555555590dbb in main (argc=3, argv=0x7fffffffd948, envp=<optimized out>) at main.c:2499
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2020-05-31 16:06:39 UTC
Valgrind says it's a NULL deref:

==466885== Invalid read of size 1
==466885==    at 0x483AD02: __strlen_sse2 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==466885==    by 0x14BEE7: pstrcat (str.c:377)
==466885==    by 0x241011: ldap_mod_init (mod_ldap.c:3220)
==466885==    by 0x17395A: pr_module_load (modules.c:348)
==466885==    by 0x173C5F: modules_init (modules.c:482)
==466885==    by 0x144DBA: main (main.c:2499)
==466885==  Address 0x1 is not stack'd, malloc'd or (recently) free'd

It probably comes from somewhere around here:

(gdb) list mod_ldap.c:3220
3215	
3216	      if (api_info.ldapai_extensions != NULL) {
3217	        register unsigned int i;
3218	
3219	        for (i = 0; api_info.ldapai_extensions[i]; i++) {
3220	          feats = pstrcat(tmp_pool, feats, i != 0 ? ", " : "",
3221	            api_info.ldapai_extensions[i]);
3222	          ldap_memfree(api_info.ldapai_extensions[i]);
3223	        }

Seems to be new code added in

commit 3590a2c21ffa09503b05169098b5aa0929f29a3a
Author: TJ Saunders <tj@castaglia.org>
Date:   Sat Mar 28 18:23:36 2020 -0700
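
The call listed at mod_ldap.c:3220 ends its argument list without a terminating NULL. The block below is an added example, not code from the bug report or from ProFTPD: it assumes a pstrcat-style function that reads arguments until a NULL sentinel, and shows how declaring that contract lets the compiler flag an unterminated call. `concat_strs`, `join_extensions` and the sample extension names are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a pstrcat-style API (malloc instead of a pool):
 * concatenates its arguments until it reaches a NULL sentinel. The sentinel
 * attribute lets GCC/Clang warn when a call does not end with NULL. */
__attribute__((sentinel))
char *concat_strs(const char *first, ...) {
  va_list ap;
  const char *s;
  size_t len = 0;

  /* Pass 1: measure. Without a terminating NULL this loop keeps pulling
   * whatever follows the real arguments and hands it to strlen(). */
  va_start(ap, first);
  for (s = first; s != NULL; s = va_arg(ap, const char *))
    len += strlen(s);
  va_end(ap);

  char *out = malloc(len + 1);
  if (out == NULL) return NULL;
  out[0] = '\0';

  va_start(ap, first);               /* Pass 2: copy */
  for (s = first; s != NULL; s = va_arg(ap, const char *))
    strcat(out, s);
  va_end(ap);
  return out;
}

/* Joins a NULL-terminated string array into "a, b, c". */
char *join_extensions(const char *const *exts) {
  char *feats = concat_strs("", NULL);
  unsigned int i;

  for (i = 0; feats != NULL && exts[i] != NULL; i++) {
    /* Ends with NULL; omitting it makes the callee read past exts[i]. */
    char *next = concat_strs(feats, i != 0 ? ", " : "", exts[i], NULL);
    free(feats);
    feats = next;
  }
  return feats;
}

int main(void) {
  const char *const sample[] = { "X_EXT_A", "X_EXT_B", NULL }; /* constructed */
  char *feats = join_extensions(sample);
  puts(feats != NULL ? feats : "(out of memory)");
  free(feats);
  return 0;
}
```
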
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2020-05-31 16:15:20 UTC
Filed upstream report as https://github.com/proftpd/proftpd/issues/1027
Comment 4 Larry the Git Cow gentoo-dev 2020-05-31 17:18:41 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f676fd7463f36c8a9860677295731fc2f3e93460

commit f676fd7463f36c8a9860677295731fc2f3e93460
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-05-31 17:15:07 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-05-31 17:17:40 +0000

    net-ftp/proftpd: fix mod_ldap SIGSEGV
    
    Closes: https://bugs.gentoo.org/726460
    Package-Manager: Portage-2.3.100, Repoman-2.3.22
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 .../files/proftpd-1.3.7_rc4-ldap_mod-SEGV.patch    |  38 +++
 .../files/proftpd-1.3.7_rc4-str-sentinel.patch     |  43 ++++
 net-ftp/proftpd/proftpd-1.3.7_rc4-r1.ebuild        | 277 +++++++++++++++++++++
 3 files changed, 358 insertions(+)