Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1058796: pure-ftpd-postgresql unable to connect to PostgreSQL with segfault at 1538
64 views
Skip to first unread message
Gian Luca Dalla Torre
Dec 16, 2023, 9:30:06 AM12/16/23
to
Package: pure-ftpd-postgresql
Version: 1.0.50-2.1+b2
Severity: important
Dear Maintainer,
We are re-installing a new machine to replace our previous FTP server by installing the mentioned package.
We have configured the server by copying the same parameters we have on the previous machine, but when we test the connectivity, we observe that:
* There is no connection to PostgreSQL to verify the credentials.
* The client's connection is terminated by directly closing the socket.
The error log shows the following message:
Dec 16 09:51:01 application pure-ftpd[696673]: (?@151.51.150.195) [INFO] New connection from 151.51.150.195
Dec 16 09:51:01 application pure-ftpd[696673]: (?@151.51.150.195) [DEBUG] Command [feat] []
Dec 16 09:51:02 application pure-ftpd[696673]: (?@151.51.150.195) [DEBUG] Command [user] [upload3@]
Dec 16 09:51:02 application pure-ftpd[696673]: (?@151.51.150.195) [DEBUG] Command [pass] [<*>]
Dec 16 09:51:02 application kernel: pure-ftpd-postg[696673]: segfault at 1538 ip 00007efceb2f0618 sp 00007ffed80aec58 error 4 in libc.so.6[7efceb1af000+155000] likely on CPU 31 (core 1, socket 1)
indicating that there is a segmentation fault within the code of the package.
The situation is well described in this link:
https://superuser.com/questions/1800870/why-is-pure-ftpd-postgresql-not-connecting-to-my-postgresql-database
Continuing the research, it seems to be a problem caused by an error in PureFTPd 1.0.50, which also occurred in FreeBSD (the error was identical, with the same segmentation fault):
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261358
The developer has provided the patch to fix the issue:
https://bz-attachments.freebsd.org/attachment.cgi?id=231197
Without fixing the problem, it is not possible to use the package. In previous Debian releases, the issue was not present because the PureFTPd version was not 1.0.50.
It is not possible to use PostgreSQL connection with PureFTPd with Bookworm release. I assume that by applying the mentioned patch, the package will start working as required.
-- System Information:
Debian Release: 12.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-14-amd64 (SMP w/40 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages pure-ftpd-postgresql depends on:
ii libc6 2.36-9+deb12u3
ii libcap2 1:2.66-4
ii libcrypt1 1:4.4.33-2
ii libpam0g 1.5.2-6+deb12u1
ii libpq5 15.5-0+deb12u1
ii libsodium23 1.0.18-1
ii libssl3 3.0.11-1~deb12u2
ii openbsd-inetd [inet-superserver] 0.20221205-2~deb12u1
ii pure-ftpd-common 1.0.50-2.1
ii sysvinit-utils [lsb-base] 3.06-4
pure-ftpd-postgresql recommends no packages.
pure-ftpd-postgresql suggests no packages.
-- Configuration Files:
/etc/pure-ftpd/db/postgresql.conf changed [not included]
-- no debconf information
Version: 1.0.50-2.1+b2
Severity: important
Dear Maintainer,
We are re-installing a new machine to replace our previous FTP server by installing the mentioned package.
We have configured the server by copying the same parameters we have on the previous machine, but when we test the connectivity, we observe that:
* There is no connection to PostgreSQL to verify the credentials.
* The client's connection is terminated by directly closing the socket.
The error log shows the following message:
Dec 16 09:51:01 application pure-ftpd[696673]: (?@151.51.150.195) [INFO] New connection from 151.51.150.195
Dec 16 09:51:01 application pure-ftpd[696673]: (?@151.51.150.195) [DEBUG] Command [feat] []
Dec 16 09:51:02 application pure-ftpd[696673]: (?@151.51.150.195) [DEBUG] Command [user] [upload3@]
Dec 16 09:51:02 application pure-ftpd[696673]: (?@151.51.150.195) [DEBUG] Command [pass] [<*>]
Dec 16 09:51:02 application kernel: pure-ftpd-postg[696673]: segfault at 1538 ip 00007efceb2f0618 sp 00007ffed80aec58 error 4 in libc.so.6[7efceb1af000+155000] likely on CPU 31 (core 1, socket 1)
indicating that there is a segmentation fault within the code of the package.
The situation is well described in this link:
https://superuser.com/questions/1800870/why-is-pure-ftpd-postgresql-not-connecting-to-my-postgresql-database
Continuing the research, it seems to be a problem caused by an error in PureFTPd 1.0.50, which also occurred in FreeBSD (the error was identical, with the same segmentation fault):
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261358
The developer has provided the patch to fix the issue:
https://bz-attachments.freebsd.org/attachment.cgi?id=231197
Without fixing the problem, it is not possible to use the package. In previous Debian releases, the issue was not present because the PureFTPd version was not 1.0.50.
It is not possible to use PostgreSQL connection with PureFTPd with Bookworm release. I assume that by applying the mentioned patch, the package will start working as required.
-- System Information:
Debian Release: 12.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-14-amd64 (SMP w/40 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages pure-ftpd-postgresql depends on:
ii libc6 2.36-9+deb12u3
ii libcap2 1:2.66-4
ii libcrypt1 1:4.4.33-2
ii libpam0g 1.5.2-6+deb12u1
ii libpq5 15.5-0+deb12u1
ii libsodium23 1.0.18-1
ii libssl3 3.0.11-1~deb12u2
ii openbsd-inetd [inet-superserver] 0.20221205-2~deb12u1
ii pure-ftpd-common 1.0.50-2.1
ii sysvinit-utils [lsb-base] 3.06-4
pure-ftpd-postgresql recommends no packages.
pure-ftpd-postgresql suggests no packages.
-- Configuration Files:
/etc/pure-ftpd/db/postgresql.conf changed [not included]
-- no debconf information
Sudip Mukherjee
Jan 9, 2024, 5:40:06 PM1/9/24
to
I can confirm that I can reproduce the segfault and can also confirm that the upstream commit at https://github.com/jedisct1/pure-ftpd/commit/c3f0f3c91d86939e6fabf5f65c6c6fc964e6032e has fixed the problem for me.
--
Regards
SudipSudip Mukherjee
Jan 11, 2024, 3:10:05 PM1/11/24
to
Control: tags 1058796 + patch
Control: tags 1058796 + pending
--
Dear maintainer,
I've prepared an NMU for pure-ftpd (versioned as 1.0.50-2.2) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.
--
Regards
Sudip
diff -Nru pure-ftpd-1.0.50/debian/changelog pure-ftpd-1.0.50/debian/changelog
--- pure-ftpd-1.0.50/debian/changelog 2022-01-31 18:42:16.000000000 +0000
+++ pure-ftpd-1.0.50/debian/changelog 2024-01-11 19:40:01.000000000 +0000
@@ -1,3 +1,11 @@
+pure-ftpd (1.0.50-2.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Apply upstream patch to fix segfault by parsing
+ port number properly. (Closes: #1058796)
+
+ -- Sudip Mukherjee <sudipm.m...@gmail.com> Thu, 11 Jan 2024 19:40:01 +0000
+
pure-ftpd (1.0.50-2.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru pure-ftpd-1.0.50/debian/patches/fix-port.patch pure-ftpd-1.0.50/debian/patches/fix-port.patch
--- pure-ftpd-1.0.50/debian/patches/fix-port.patch 1970-01-01 01:00:00.000000000 +0100
+++ pure-ftpd-1.0.50/debian/patches/fix-port.patch 2024-01-11 19:39:57.000000000 +0000
@@ -0,0 +1,45 @@
+From c3f0f3c91d86939e6fabf5f65c6c6fc964e6032e Mon Sep 17 00:00:00 2001
+From: Frank Denis <git...@pureftpd.org>
+Date: Thu, 20 Jan 2022 19:54:27 +0100
+Subject: [PATCH] PostgreSQL: don't escape the port number in the connection string
+
+It's already an integer, not a string.
+
+Reported by Artyom Davidov, thanks!
+
+Origin: upstream, https://github.com/jedisct1/pure-ftpd/commit/c3f0f3c91d86939e6fabf5f65c6c6fc964e6032e
+Bug-Debian: https://bugs.debian.org/1058796
+Last-Update: 2024-01-11
+---
+ src/log_pgsql.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/log_pgsql.c b/src/log_pgsql.c
+index 875b71f..bb08c3b 100644
+--- a/src/log_pgsql.c
++++ b/src/log_pgsql.c
+@@ -278,7 +278,6 @@ static int pw_pgsql_connect(PGconn ** const id_sql_server)
+ *id_sql_server = NULL;
+
+ if ((escaped_server = pw_pgsql_escape_conninfo(server)) == NULL ||
+- (escaped_port = pw_pgsql_escape_conninfo(port)) == NULL ||
+ (escaped_db = pw_pgsql_escape_conninfo(db)) == NULL ||
+ (escaped_user = pw_pgsql_escape_conninfo(user)) == NULL ||
+ (escaped_pw = pw_pgsql_escape_conninfo(pw)) == NULL) {
+@@ -296,7 +295,7 @@ static int pw_pgsql_connect(PGconn ** const id_sql_server)
+ }
+ if (SNCHECK(snprintf(conninfo, sizeof_conninfo,
+ PGSQL_CONNECT_FMTSTRING,
+- escaped_server, escaped_port, escaped_db,
++ escaped_server, port, escaped_db,
+ escaped_user, escaped_pw), sizeof_conninfo)) {
+ goto bye;
+ }
+@@ -314,7 +313,6 @@ static int pw_pgsql_connect(PGconn ** const id_sql_server)
+ bye:
+ free(conninfo);
+ free(escaped_server);
+- free(escaped_port);
+ free(escaped_db);
+ free(escaped_user);
+ free(escaped_pw);
diff -Nru pure-ftpd-1.0.50/debian/patches/series pure-ftpd-1.0.50/debian/patches/series
--- pure-ftpd-1.0.50/debian/patches/series 2022-01-31 18:42:16.000000000 +0000
+++ pure-ftpd-1.0.50/debian/patches/series 2024-01-11 17:25:32.000000000 +0000
@@ -1 +1,2 @@
maria-db-cross.diff
+fix-port.patch
Control: tags 1058796 + pending
--
Dear maintainer,
I've prepared an NMU for pure-ftpd (versioned as 1.0.50-2.2) and
uploaded it to DELAYED/10. Please feel free to tell me if I
should delay it longer.
--
Regards
Sudip
diff -Nru pure-ftpd-1.0.50/debian/changelog pure-ftpd-1.0.50/debian/changelog
--- pure-ftpd-1.0.50/debian/changelog 2022-01-31 18:42:16.000000000 +0000
+++ pure-ftpd-1.0.50/debian/changelog 2024-01-11 19:40:01.000000000 +0000
@@ -1,3 +1,11 @@
+pure-ftpd (1.0.50-2.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Apply upstream patch to fix segfault by parsing
+ port number properly. (Closes: #1058796)
+
+ -- Sudip Mukherjee <sudipm.m...@gmail.com> Thu, 11 Jan 2024 19:40:01 +0000
+
pure-ftpd (1.0.50-2.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru pure-ftpd-1.0.50/debian/patches/fix-port.patch pure-ftpd-1.0.50/debian/patches/fix-port.patch
--- pure-ftpd-1.0.50/debian/patches/fix-port.patch 1970-01-01 01:00:00.000000000 +0100
+++ pure-ftpd-1.0.50/debian/patches/fix-port.patch 2024-01-11 19:39:57.000000000 +0000
@@ -0,0 +1,45 @@
+From c3f0f3c91d86939e6fabf5f65c6c6fc964e6032e Mon Sep 17 00:00:00 2001
+From: Frank Denis <git...@pureftpd.org>
+Date: Thu, 20 Jan 2022 19:54:27 +0100
+Subject: [PATCH] PostgreSQL: don't escape the port number in the connection string
+
+It's already an integer, not a string.
+
+Reported by Artyom Davidov, thanks!
+
+Origin: upstream, https://github.com/jedisct1/pure-ftpd/commit/c3f0f3c91d86939e6fabf5f65c6c6fc964e6032e
+Bug-Debian: https://bugs.debian.org/1058796
+Last-Update: 2024-01-11
+---
+ src/log_pgsql.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/log_pgsql.c b/src/log_pgsql.c
+index 875b71f..bb08c3b 100644
+--- a/src/log_pgsql.c
++++ b/src/log_pgsql.c
+@@ -278,7 +278,6 @@ static int pw_pgsql_connect(PGconn ** const id_sql_server)
+ *id_sql_server = NULL;
+
+ if ((escaped_server = pw_pgsql_escape_conninfo(server)) == NULL ||
+- (escaped_port = pw_pgsql_escape_conninfo(port)) == NULL ||
+ (escaped_db = pw_pgsql_escape_conninfo(db)) == NULL ||
+ (escaped_user = pw_pgsql_escape_conninfo(user)) == NULL ||
+ (escaped_pw = pw_pgsql_escape_conninfo(pw)) == NULL) {
+@@ -296,7 +295,7 @@ static int pw_pgsql_connect(PGconn ** const id_sql_server)
+ }
+ if (SNCHECK(snprintf(conninfo, sizeof_conninfo,
+ PGSQL_CONNECT_FMTSTRING,
+- escaped_server, escaped_port, escaped_db,
++ escaped_server, port, escaped_db,
+ escaped_user, escaped_pw), sizeof_conninfo)) {
+ goto bye;
+ }
+@@ -314,7 +313,6 @@ static int pw_pgsql_connect(PGconn ** const id_sql_server)
+ bye:
+ free(conninfo);
+ free(escaped_server);
+- free(escaped_port);
+ free(escaped_db);
+ free(escaped_user);
+ free(escaped_pw);
diff -Nru pure-ftpd-1.0.50/debian/patches/series pure-ftpd-1.0.50/debian/patches/series
--- pure-ftpd-1.0.50/debian/patches/series 2022-01-31 18:42:16.000000000 +0000
+++ pure-ftpd-1.0.50/debian/patches/series 2024-01-11 17:25:32.000000000 +0000
@@ -1 +1,2 @@
maria-db-cross.diff
+fix-port.patch
0 new messages