Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 109912

Summary: net-ftp/atftp-0.7 segfaults when entering commands
Product: Gentoo Linux Reporter: Raymond Lewis Rebbeck <dystopianray>
Component: Current packagesAssignee: Robin Johnson <robbat2>
Status: RESOLVED FIXED    
Severity: critical    
Priority: High    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Patch to fix the above mentioned problem.

Description Raymond Lewis Rebbeck 2005-10-20 04:37:50 UTC 
net-ftp/atftp-0.7 segfaults everytime a command is entered, regardless of   
whether the command is valid or not. Any input at all results in a segfault.   
This only occurs with commands entered on aftp's own little config thing.  
   
If every needed option is specified as command line arguments, then it works   
perfectly. 
 
Below is an example of the segfaulting: 
 
$ atftp 
tftp> host 192.168.2.1 
Segmentation fault 
$ atftp 
tftp> mode binary 
Segmentation fault 
$ atftp 
tftp> argh! 
Segmentation fault 

Reproducible: Always
Steps to Reproduce:
1. emerge atftp 
2. execute 'atftp' 
3. attempt to enter a command 
  
Actual Results:  
Segfault. 

Expected Results:  
It should have accepted the command and allowed you to specify further  
commands before sending the file.  

Portage 2.0.51.22-r3 (default-linux/amd64/2005.1, gcc-3.4.4, glibc-2.3.5-r2, 
2.6.13-gentoo-r3 x86_64) 
================================================================= 
System uname: 2.6.13-gentoo-r3 x86_64 AMD Athlon(tm) 64 Processor 3000+ 
Gentoo Base System version 1.6.13 
dev-lang/python:     2.4.2 
sys-apps/sandbox:    1.2.12 
sys-devel/autoconf:  2.13, 2.59-r6 
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 
sys-devel/binutils:  2.15.92.0.2-r10 
sys-devel/libtool:   1.5.20 
virtual/os-headers:  2.6.11-r2 
ACCEPT_KEYWORDS="amd64" 
AUTOCLEAN="yes" 
CBUILD="x86_64-pc-linux-gnu" 
CFLAGS="-march=athlon64 -O2 -pipe" 
CHOST="x86_64-pc-linux-gnu" 
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" 
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" 
CXXFLAGS="-march=athlon64 -O2 -pipe" 
DISTDIR="/usr/portage/distfiles" 
FEATURES="autoconfig distlocks sandbox sfperms strict" 
GENTOO_MIRRORS="http://distfiles.gentoo.org 
http://distro.ibiblio.org/pub/Linux/distributions/gentoo" 
LC_ALL="en_AU.UTF-8" 
LINGUAS="en_GB" 
MAKEOPTS="-j2" 
PKGDIR="/usr/portage/packages" 
PORTAGE_TMPDIR="/var/tmp" 
PORTDIR="/usr/portage" 
SYNC="rsync://rsync.au.gentoo.org/gentoo-portage" 
USE="amd64 X aac alsa apache2 arts avi bash-completion berkdb bitmap-fonts cdr 
cjk crypt curl dts dvd dvdr eds emboss encode exif fam flac foomaticdb fortran 
gif gpm gtk gtk2 hal ieee1394 imlib java jpeg kde kdeenablefinal lm_sensors 
lzw lzw-tiff mad mp3 mpeg ncurses nls nptl ogg oggvorbis opengl pam pdflib 
perl pic png python qt quicktime readline sdl spell ssl tcpd tiff truetype 
truetype-fonts type1-fonts unicode usb userlocales vcd vorbis xine xml2 xpm xv 
zlib linguas_en_GB userland_GNU kernel_linux elibc_glibc" 
Unset:  ASFLAGS, CTARGET, LANG, LDFLAGS, PORTDIR_OVERLAY
Comment 1 Michael Dale Long 2005-12-04 10:15:55 UTC 
I am having the same problem.

Portage 2.0.53 (default-linux/amd64/2005.1, gcc-3.4.4, glibc-2.3.5-r3,
2.6.14-gentoo-r2 x86_64)
=================================================================
System uname: 2.6.14-gentoo-r2 x86_64 AMD Athlon(tm) 64 Processor 4000+
Gentoo Base System version 1.12.0_pre11
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [enabled]
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.16
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r1
sys-devel/libtool:   1.5.20-r1
virtual/os-headers:  2.6.11-r3
ACCEPT_KEYWORDS="amd64 ~amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -pipe -fno-ident"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env
/usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon64 -O2 -pipe -fno-ident -fvisibility-inlines-hidden"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks sandbox sfperms strict userpriv"
GENTOO_MIRRORS="ftp://gentoo.chem.wisc.edu/gentoo/
http://gentoo.chem.wisc.edu/gentoo/
http://distro.ibiblio.org/pub/linux/distributions/gentoo/
http://gentoo.seren.com/gentoo http://gentoo.cites.uiuc.edu/pub/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 3dnowex X acpi aim alsa apm arts audiofile avi bash-completion berkdb
bitmap-fonts bzip2 cdr crypt curl directfb dvd dvdr dvdread eds emacs
emul-linux-x86 encode ethereal expat fam fbcon ftp gdbm gif gmp gpm gstreamer
gtk gtk2 icq idn imagemagick imap imlib ipv6 jabber java javascript joystick
jpeg kde kdeenablefinal lcms lm_sensors lua lzw lzw-tiff mad mhash mime mmap mng
mozilla mp3 mpeg msn ncurses nls nptl nptlonly nvidia ogg openal opengl oscar
pam pcre pdflib perl png python qt quicktime readline ruby samba sdl sharedmem
simplexml sockets sox speex spell ssl svg szip tcltk theora threads tidy tiff
truetype truetype-fonts type1-fonts udev usb userlocales vorbis wifi xine
xinerama xml2 xmms xpm xv xvid zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
Comment 2 Jacob Brown 2005-12-23 10:28:44 UTC 
I just emerged this packages and saw this bug as well.  I couldn't download atftp from the vendors website, so I just took a look in the source code from portage.
The problem is in tftp.c in the make_arg function (line 357 for me); the argz_len variable is defined as "int" where it should be "size_t".  This problem may not be showing on i386 machines because perhaps "int" and "size_t" are the same on that platform?  not sure, but I'm running amd64 and since the argz_create_sep function thinks it's taking a pointer to "size_t", it fills up the whole size of that variable when it sets it, therefore on my system, when it passes an int, it is overwriting 4 bytes on the stack as all zeros which just happens to be the argv pointer in make_arg which is causing a segfault.

Anyways, just change the "int" to "size_t" like it should be (gcc warnings warn you of this anyways) and it will fix the problem.
Comment 3 Raymond Lewis Rebbeck 2005-12-23 13:02:19 UTC 
Created attachment 75407 [details, diff]
Patch to fix the above mentioned problem.
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2006-05-26 14:47:36 UTC 
fixed in cvs (via the debian patch).