
Bug 662684

Summary: net-ftp/ftp-0.17.23.0.2.1 patch 070_all_segv.patch causes segfault
Product: Gentoo Linux Reporter: Hank Leininger <hlein>
Component: Current packages Assignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED FIXED    
Severity: normal CC: jstein, sam
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://github.com/gentoo/gentoo/pull/18862
Whiteboard:
Package list:
Runtime testing required: ---

Description Hank Leininger 2018-08-02 22:18:41 UTC
The ftp client will segv when connecting to a server that immediately issues a 421 response:

term1$ echo "421 Service not available." | ncat -n -v -l 127.0.0.1
...
Ncat: Listening on 127.0.0.1:31337


term2$ ftp -d -v 127.0.0.1 31337
Connected to 127.0.0.1.
421 Service not available.
Segmentation fault (core dumped)

gdb shows it dying in fclose; strace shows two calls to fclose in a row.

net-ftp/ftp applies patch sets from Debian and then from Gentoo.  I found that if I removed the second chunk of 070_all_segv.patch from Gentoo's netkit-ftp-0.17-patches-2.tar.bz2, the crash goes away:

$ ftp 127.0.0.1 31337
Connected to 127.0.0.1.
421 Service not available.
ftp>

That patch hunk is in ftp/ftp.c:

@@ -529,6 +531,10 @@
                        INTOFF;
                        lostpeer(0);
                        INTON;
+                       if (cout) {
+                               fclose(cout);
+                               cout = NULL;
+                       }
                }
                return (n - '0');
        }
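Review bot: the `if (cout)` guard added after `lostpeer(0);` only protects against a double close if lostpeer() sets cout to NULL after closing it; the reporter's observation of two consecutive fclose calls and a crash inside fclose indicates it does not, so this hunk closes an already-closed FILE*. Either drop the hunk (the reporter confirms the crash disappears without it) or move the close-and-null into lostpeer() itself, `fclose(cout); cout = NULL;`, so every caller sees a NULL pointer afterwards and guards like this one become meaningful.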

...And it is modifying the behavior at the end of getreply(), specifically, how it handles 421 responses.  With that removed, there's only one fclose() call.  I suspect that this error path is (now?) properly handled and the patch hunk can be dropped.
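The double close described above, as an added example that is not code from netkit-ftp, Debian or the Gentoo patch set: it models the client's two stream pointers and the 421 tail of getreply() with a tracking shim that counts and refuses a second fclose() on the same handle instead of executing it. The body of lostpeer_stale() is an assumption inferred from the reporter's strace observation, not the project's actual lostpeer(); tmpfile() stands in for the socket stream.

```c
#include <stdio.h>
#include <stddef.h>

/* Added example, not code from netkit-ftp or its patch sets. It models the
 * client's two stream pointers and the 421 tail of getreply() to show why
 * the hunk's `if (cout)` guard cannot protect against a double fclose(). */

static FILE *cin, *cout;   /* control-connection streams, as in ftp.c */

/* Tracking shim: a registry of handles still open. A second close of the
 * same handle is counted and refused instead of executed, because a real
 * second fclose() is undefined behaviour (the segfault in the report). */
#define MAX_OPEN 8
static FILE *open_handles[MAX_OPEN];
static int double_close_count;

static FILE *tracked_open(void)
{
    FILE *f = tmpfile();          /* stands in for the socket stream */
    if (f == NULL)
        return NULL;
    for (int i = 0; i < MAX_OPEN; i++) {
        if (open_handles[i] == NULL) {
            open_handles[i] = f;
            return f;
        }
    }
    fclose(f);                    /* registry full: treat as open failure */
    return NULL;
}

static int tracked_fclose(FILE *f)
{
    for (int i = 0; i < MAX_OPEN; i++) {
        if (open_handles[i] == f) {
            open_handles[i] = NULL;
            return fclose(f);
        }
    }
    double_close_count++;         /* would be UB with the real fclose() */
    return EOF;
}

/* Assumed shape of lostpeer() consistent with the report: it closes cout
 * but leaves the stale pointer behind. Not the project's actual function. */
static void lostpeer_stale(void)
{
    if (cout)
        tracked_fclose(cout);
    if (cin) {
        tracked_fclose(cin);
        cin = NULL;
    }
}

/* Same cleanup with the close-and-null idiom applied to both streams. */
static void lostpeer_nulls(void)
{
    if (cout) {
        tracked_fclose(cout);
        cout = NULL;
    }
    if (cin) {
        tracked_fclose(cin);
        cin = NULL;
    }
}

/* The 421 path as 070_all_segv.patch shapes it: lostpeer(), then the
 * guarded close. Returns how many double closes the path attempted,
 * or -1 if the streams could not be opened. */
static int handle_421(void (*lostpeer)(void))
{
    double_close_count = 0;
    cin = tracked_open();
    cout = tracked_open();
    if (cin == NULL || cout == NULL) {
        if (cin) { tracked_fclose(cin); cin = NULL; }
        return -1;
    }
    lostpeer();
    if (cout) {                   /* the patch hunk */
        tracked_fclose(cout);
        cout = NULL;
    }
    return double_close_count;
}

int main(void)
{
    printf("stale lostpeer():   %d double close(s)\n", handle_421(lostpeer_stale));
    printf("nulling lostpeer(): %d double close(s)\n", handle_421(lostpeer_nulls));
    return 0;
}
```

With the stale cleanup the guarded close in the hunk fires on a pointer that is already closed, which is exactly the sequence the reporter saw; once the helper that closes the stream also nulls the pointer, the guard becomes a real check and the hunk is harmless (and redundant).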
Comment 1 Hank Leininger 2020-12-28 23:19:43 UTC
Ping, this segv still occurs, 2+ years later.
Comment 2 Larry the Git Cow gentoo-dev 2021-09-28 03:35:09 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74fca1f794ce6bf84cb6354cc31d5f307508e155

commit 74fca1f794ce6bf84cb6354cc31d5f307508e155
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2020-12-29 01:12:10 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-09-28 03:34:53 +0000

    net-ftp/ftp: version bump, EAPI bump, fix segv
    
    Sync to a more recent Debian version
    (netkit-ftp-ssl_0.17.34+0.2-5.1.dsc), and fix longstanding segv
    when the server goes away. Updated Gentoo patches for the current
    Debian version. Tested with gcc-10.
    
    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Closes: https://bugs.gentoo.org/662684
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Closes: https://github.com/gentoo/gentoo/pull/18862
    Signed-off-by: Sam James <sam@gentoo.org>

 net-ftp/ftp/Manifest                   |  2 ++
 net-ftp/ftp/ftp-0.17.34.0.2.5.1.ebuild | 66 ++++++++++++++++++++++++++++++++++
 2 files changed, 68 insertions(+)