Not clear why yet. Crash looks like:
"""
May 31 16:47:42 sf systemd[1]: Started ProFTPd FTP daemon.
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,239 sf proftpd[466413]: -----BEGIN STACK TRACE-----
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [0] /lib64/libc.so.6(+0x9a2b6) [0x7f2175b3a2b6]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [1] /lib64/libc.so.6(+0x9a2b6) [0x7f2175b3a2b6]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [2] /usr/sbin/proftpd(pstrcat+0x78) [0x560c9aefcee8]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [3] /usr/sbin/proftpd(+0x139012) [0x560c9aff2012]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [4] /usr/sbin/proftpd(pr_module_load+0x8b) [0x560c9af2495b]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [5] /usr/sbin/proftpd(modules_init+0x30) [0x560c9af24c60]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [6] /usr/sbin/proftpd(main+0x31b) [0x560c9aef5dbb]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [7] /lib64/libc.so.6(__libc_start_main+0xea) [0x7f2175ac3d5a]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: [8] /usr/sbin/proftpd(_start+0x2a) [0x560c9aef659a]
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: -----END STACK TRACE-----
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: ProFTPD terminating (signal 11)
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: ProFTPD terminating (signal 11)
May 31 16:47:42 sf proftpd[466413]: 2020-05-31 16:47:42,240 sf proftpd[466413]: ProFTPD 1.3.7rc4 standalone mode SHUTDOWN
"""

=================================================================
                        Package Settings
=================================================================
net-ftp/proftpd-1.3.7_rc4::gentoo was built with the following:
USE="authfile ban caps case clamav copy ctrls deflate diskuse dso dynmasq exec ident ifsession ifversion ipv6 kerberos ldap memcache msg mysql ncurses nls pam pcre postgres qos radius ratio readme rewrite sftp shaper sitemisc snmp sodium softquota sqlite ssl tcpd test vroot -acl -libressl -log-forensic -selinux -unique-id"
ABI_X86="(64)"
CFLAGS="-march=sandybridge -mtune=sandybridge -maes --param=l1-cache-size=32 --param=l1-cache-line-size=64 --param=l2-cache-size=8192 -O2 -pipe -fdiagnostics-show-option -frecord-gcc-switches -Wall -Wextra -Wstack-protector -frecord-gcc-switches -ggdb3"
CXXFLAGS="-march=sandybridge -mtune=sandybridge -maes --param=l1-cache-size=32 --param=l1-cache-line-size=64 --param=l2-cache-size=8192 -O2 -pipe -fdiagnostics-show-option -frecord-gcc-switches -Wall -Wextra -Wstack-protector -frecord-gcc-switches -ggdb3"
FEATURES="news usersandbox xattr fixlafiles config-protect-if-modified distlocks splitdebug protect-owned unknown-features-warn installsources network-sandbox ipc-sandbox binpkg-dostrip sign ebuild-locks fail-clean clean-logs usersync sandbox binpkg-docompress unmerge-logs preserve-libs merge-sync unmerge-orphans pid-sandbox assume-digests sfperms userpriv ccache strict multilib-strict userfetch parallel-fetch qa-unresolved-soname-deps binpkg-logs"

$ gdb --quiet --args /usr/sbin/proftpd --nodaemon -X
Reading symbols from /usr/sbin/proftpd...
Reading symbols from /usr/lib/debug//usr/sbin/proftpd.debug...
(gdb) r
Starting program: /usr/sbin/proftpd --nodaemon -X
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
120             movdqu  (%rax), %xmm4
(gdb) bt
#0  __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1  0x0000555555597ee8 in pstrcat (p=p@entry=0x55555581f430) at str.c:377
#2  0x000055555568d012 in ldap_mod_init () at mod_ldap.c:3220
#3  0x00005555555bf95b in pr_module_load (m=m@entry=0x5555557c6b60 <ldap_module>) at modules.c:347
#4  0x00005555555bfc60 in modules_init () at modules.c:482
#5  0x0000555555590dbb in main (argc=3, argv=0x7fffffffd948, envp=<optimized out>) at main.c:2499

Valgrind says it's a NULL deref:

==466885== Invalid read of size 1
==466885==    at 0x483AD02: __strlen_sse2 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==466885==    by 0x14BEE7: pstrcat (str.c:377)
==466885==    by 0x241011: ldap_mod_init (mod_ldap.c:3220)
==466885==    by 0x17395A: pr_module_load (modules.c:348)
==466885==    by 0x173C5F: modules_init (modules.c:482)
==466885==    by 0x144DBA: main (main.c:2499)
==466885==  Address 0x1 is not stack'd, malloc'd or (recently) free'd

probably comes from somewhere from:

(gdb) list mod_ldap.c:3220
3215
3216      if (api_info.ldapai_extensions != NULL) {
3217        register unsigned int i;
3218
3219        for (i = 0; api_info.ldapai_extensions[i]; i++) {
3220          feats = pstrcat(tmp_pool, feats, i != 0 ? ", " : "",
3221            api_info.ldapai_extensions[i]);
3222          ldap_memfree(api_info.ldapai_extensions[i]);
3223        }

Seems to be new code added in

commit 3590a2c21ffa09503b05169098b5aa0929f29a3a
Author: TJ Saunders <tj@castaglia.org>
Date:   Sat Mar 28 18:23:36 2020 -0700

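The pstrcat() call in the listing above ends with api_info.ldapai_extensions[i] and has no NULL after it, while pstrcat() reads its arguments until it meets a NULL. The sketch below is an added illustration of that calling convention with a correctly terminated call; it is not ProFTPD code and not part of this report. The names cat_strings and join_features are hypothetical, and malloc stands in for the pool allocator.

```c
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a NULL-terminated variadic concatenator in the
 * style of pstrcat(); malloc replaces the pool allocator. The sentinel
 * attribute lets GCC and Clang warn when a call does not end in NULL. */
__attribute__((sentinel))
char *cat_strings(const char *first, ...) {
  va_list ap;
  size_t len = 0;
  const char *s;
  char *res;

  /* Pass 1: sum lengths up to the sentinel. With no sentinel, va_arg keeps
   * returning whatever follows the real arguments and strlen() runs on it. */
  va_start(ap, first);
  for (s = first; s != NULL; s = va_arg(ap, const char *))
    len += strlen(s);
  va_end(ap);

  res = malloc(len + 1);
  if (res == NULL)
    return NULL;
  res[0] = '\0';

  /* Pass 2: copy the same pieces. */
  va_start(ap, first);
  for (s = first; s != NULL; s = va_arg(ap, const char *))
    strcat(res, s);
  va_end(ap);
  return res;
}

/* Same loop shape as the listing, over a NULL-terminated array. */
char *join_features(const char *const *exts) {
  char *feats = cat_strings("", (char *)NULL);
  unsigned int i;

  for (i = 0; feats != NULL && exts[i] != NULL; i++) {
    /* Unsafe shape: cat_strings(feats, sep, exts[i]) with nothing after it. */
    char *next = cat_strings(feats, i != 0 ? ", " : "", exts[i], (char *)NULL);
    free(feats);
    feats = next;
  }
  return feats;
}
```
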
Filed upstream report as https://github.com/proftpd/proftpd/issues/1027
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f676fd7463f36c8a9860677295731fc2f3e93460

commit f676fd7463f36c8a9860677295731fc2f3e93460
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-05-31 17:15:07 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-05-31 17:17:40 +0000

    net-ftp/proftpd: fix mod_ldap SIGSEGV

    Closes: https://bugs.gentoo.org/726460
    Package-Manager: Portage-2.3.100, Repoman-2.3.22
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 .../files/proftpd-1.3.7_rc4-ldap_mod-SEGV.patch    |  38 +++
 .../files/proftpd-1.3.7_rc4-str-sentinel.patch     |  43 ++++
 net-ftp/proftpd/proftpd-1.3.7_rc4-r1.ebuild        | 277 +++++++++++++++++++++
 3 files changed, 358 insertions(+)