Bug#762516: proftpd-basic: segfault in TLS mode with certificate when strlen on NULL, string

Frédéric Magnard

Sep 22, 2014, 9:10:01 PM
Subject: proftpd-basic: segfault in TLS mode with certificate when strlen on NULL string
Package: proftpd-basic
Version: 1.3.4a-5+deb7u1
Severity: important
Tags: upstream patch



-- System Information:
Debian Release: 7.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages proftpd-basic depends on:
ii adduser 3.113+nmu3
ii debconf 1.5.49
ii debianutils 4.3.2
ii libacl1 2.2.51-8
ii libc6 2.13-38+deb7u4
ii libcap2 1:2.22-1.2
ii libncurses5 5.9-10
ii libpam-runtime 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libpcre3 1:8.30-5
ii libssl1.0.0 1.0.1e-2+deb7u12
ii libtinfo5 5.9-10
ii libwrap0 7.6.q-24
ii netbase 5.0
ii sed 4.2.1-10
ii ucf 3.0025+nmu3
ii update-inetd 4.43
ii zlib1g 1:1.2.7.dfsg-13

Versions of packages proftpd-basic recommends:
ii proftpd-mod-vroot 0.9.2-2+b2

Versions of packages proftpd-basic suggests:
pn openbsd-inetd | inet-superserver <none>
ii openssl 1.0.1e-2+deb7u12
pn proftpd-doc <none>
pn proftpd-mod-ldap <none>
pn proftpd-mod-mysql <none>
pn proftpd-mod-odbc <none>
pn proftpd-mod-pgsql <none>
pn proftpd-mod-sqlite <none>

-- debconf information excluded

I use proftpd with TLS configuration like:

# TLS
<IfModule mod_tls.c>
TLSEngine on
TLSLog /home/debian/test/proftpd/logs/proftpd_tls.log ALL
TLSProtocol SSLv23
# TLSProtocol TLSv1
# reject protection of the data channel
TLSRequired !data
TLSOptions AllowDotLogin
# Server's certificate
TLSRSACertificateFile /etc/ssl/certs/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.key.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Change renegotiations so that they are not required, only requested
TLSRenegotiate required off
</IfModule>

And then try to connect to it using certificates with a command like:
curl -v --ftp-create-dirs -k --ftp-ssl-control -u debian:null -E ~/.ssl/ftps.cat.pem ftp://server//home/debian/toto

proftpd then segfaults on line 269 of modules/mod_auth.c:
passwd_len = strlen(cmd->arg);

cmd->arg is NULL in this configuration, and strlen segfaults.

To solve the bug, this line can be replaced by:
passwd_len = (cmd->arg == NULL) ? 0 : strlen(cmd->arg);


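The guard proposed in the report, shown next to the unguarded call in a small stand-alone C program. This is an added example, not part of the original report and not ProFTPD code; `struct cmd`, `scrub` and `wipe_arg` are hypothetical names, and the idea of a consumer that wipes the argument after measuring it is an assumption made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the command record; only `arg` matters here. */
struct cmd {
    char *arg;   /* command argument; may be NULL, as in the report */
};

/* Overwrite a buffer through a volatile pointer so the stores are kept. */
static void scrub(char *buf, size_t len) {
    volatile char *p = buf;
    while (len-- > 0)
        *p++ = 0;
}

/* Unguarded form from the report: undefined behaviour when arg is NULL. */
size_t arg_len_unguarded(const struct cmd *c) {
    return strlen(c->arg);
}

/* Guarded form from the report: a missing argument counts as length 0. */
size_t arg_len_guarded(const struct cmd *c) {
    return (c->arg == NULL) ? 0 : strlen(c->arg);
}

/* Hypothetical consumer: measure the argument, then wipe it.
 * Returns the number of bytes wiped. */
size_t wipe_arg(struct cmd *c) {
    size_t len = arg_len_guarded(c);
    if (len > 0)
        scrub(c->arg, len);
    return len;
}

int main(void) {
    char secret[] = "constructed-password";   /* constructed sample input */
    struct cmd with_arg = { secret };
    struct cmd no_arg = { NULL };
    size_t a = wipe_arg(&with_arg);   /* wipes every byte before the NUL */
    size_t b = wipe_arg(&no_arg);     /* no dereference of NULL */
    return (a == sizeof secret - 1 && b == 0 && secret[0] == '\0') ? 0 : 1;
}
```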

Hilmar Preusse

Sep 1, 2016, 9:50:02 AM
forwarded 762516 http://bugs.proftpd.org/show_bug.cgi?id=3788
stop

On 23.09.14 Frédéric Magnard (mag...@iap.fr) wrote:

Hi Frédéric,

> Subject: proftpd-basic: segfault in TLS mode with certificate when strlen on NULL string
> Package: proftpd-basic
> Version: 1.3.4a-5+deb7u1
> Severity: important
> Tags: upstream patch
>
>
I /think/ I found that bug already reported in upstream. The upstream
bug is already closed, but I guess this is an error. I left some
comments in the bug in the hope it will be re-opened.

Using that old bug as forwarding address for now.

Hilmar
sigmentation fault