standards/144761: FTPD bug remote crash

David BERARD contact at davidberard.fr
Mon Mar 15 12:40:08 UTC 2010


>Number:         144761
>Category:       standards
>Synopsis:       FTPD bug remote crash
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-standards
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 15 12:40:07 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     David BERARD
>Release:        FreeBSD 8.0-RELEASE amd64
>Organization:
NFrance Conseil
>Environment:
System: FreeBSD lab.polymorf.fr 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009 root at mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

>Description:
FTPD child process can die with signal 11, bug found by Kingcope
	kernel: pid 46033 (ftpd), uid 1001: exited on signal 11
References:
	http://seclists.org/fulldisclosure/2010/Mar/117
	http://seclists.org/fulldisclosure/2010/Mar/138
	http://seclists.org/fulldisclosure/2010/Mar/139
>How-To-Repeat:
	ftp localhost
	[....login....]
	ftp> mkdir WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
	ftp> ls {W*/../W*/../W*/../W*/../W*/../W*/../W*/}
	[....Server close connection....]
>Fix:

See the attached patch; it should fix the issue.

--- ftpd_popen.patch begins here ---
--- /usr/src/libexec/ftpd/popen.c	2009-10-25 01:10:29.000000000 +0000
+++ /usr/src/libexec/ftpd/popen.c	2010-03-13 08:03:24.000000000 +0000
@@ -108,7 +108,7 @@
 		memset(&gl, 0, sizeof(gl));
 		gl.gl_matchc = MAXGLOBARGS;
 		flags |= GLOB_LIMIT;
-		if (glob(argv[argc], flags, NULL, &gl))
+		if (glob(argv[argc], flags, NULL, &gl) || gl.gl_pathc == 0)
 			gargv[gargc++] = strdup(argv[argc]);
 		else
 			for (pop = gl.gl_pathv; *pop && gargc < (MAXGLOBARGS-1);
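
Review bot: The added "gl.gl_pathc == 0" test on the glob() line protects the loop below only indirectly, because "for (pop = gl.gl_pathv; *pop && ..." still dereferences *pop with no check that gl.gl_pathv is non-NULL. I would test gl.gl_pathv == NULL explicitly, either in this condition or in the loop condition. A short comment should also say that glob() can return 0 with no matches here, since that is not obvious from the call. Separately, the fallback line "gargv[gargc++] = strdup(argv[argc]);" stores an unchecked strdup() result. Unlike the loop, it shows no bound on gargc against MAXGLOBARGS in the lines visible in this hunk. Please confirm both are handled by the surrounding code. Finally, the fallback now passes the raw pattern through as a literal argument in two different situations, a glob() error and an empty result. Say in the comment that this is intended.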
--- ftpd_popen.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

