Bug#312805: marked as done (elinks: Active mode IPv6 ftp connections crash)

Thu, 25 May 2006 01:45:07 -0700 

Your message dated Thu, 25 May 2006 10:30:17 +0200
with message-id <[EMAIL PROTECTED]>
and subject line closing old bugs
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: elinks
Version: 0.10.4-7
Severity: important
Tags: patch

IPv6 ftp connections crash if "set protocol.ftp.use_epsv = 0" is set in
elisp.conf.

The crash is caused by get_pasv6_socket, which overwrites the stack since it
clears an argument of type struct sockaddr_storage in get_pasv6_socket, but
it was passed a struct sockaddr_in6 as parameter. The size of
struct sockaddr_storage (128) is larger than struct sockaddr_in6 (28), which
leads to overwriting the stack.

---
Crash output:

ELinks crashed. That shouldn't happen. Please report this incident to
developers. If you would like to help to debug the problem you just
uncovered, please keep the core you just got and send the developers
output of 'bt' command entered inside of gdb (which you run as:
gdb elinks core). Thanks a lot for your cooperation!

ELinks 0.10.4 (built on May 21 2005 13:57:21)

Features:
Standard, Fastmem, IPv6, gzip, bzip2, Cascading Style Sheets, Protocol
(File, FTP, HTTP, NNTP, SMB, URI rewrite, User protocols),
SSL (GnuTLS), MIME (Option system, Mailcap, Mimetypes files), LED
indicators,
Bookmarks, Cookies, Form History, Global History, Scripting (Lua, Perl)

/usr/bin/elinks(dump_backtrace+0x1d)[0x80d4dbd]
/usr/bin/elinks[0x80946c4]
/usr/bin/elinks[0x8094a04]
[0xffffe420]
[0x0]
Avbruten (SIGABRT)

---
patch:

--- ftp.c~      2005-04-06 11:30:30.000000000 +0200
+++ ftp.c       2005-06-10 09:39:13.000000000 +0200
@@ -597,7 +597,7 @@
 add_file_cmd_to_str(struct connection *conn)
 {
 #ifdef CONFIG_IPV6
-       struct sockaddr_in6 data_addr;
+       struct sockaddr_storage data_addr;
 #endif
        struct ftp_connection_info *c_i;
        struct string command;
@@ -668,7 +668,7 @@
                        if (c_i->use_epsv)
                                add_to_string(&command, "EPSV");
                        else
-                               add_eprtcmd_to_string(&command, &data_addr);
+                               add_eprtcmd_to_string(&command, (struct 
sockaddr_in6 *)&data_addr);
                else
 #endif
                        if (c_i->use_pasv)
@@ -702,7 +702,7 @@
                        if (c_i->use_epsv)
 #endif
        struct ftp_connection_info *c_i;
        struct string command;
@@ -668,7 +668,7 @@
                        if (c_i->use_epsv)
                                add_to_string(&command, "EPSV");
                        else
-                               add_eprtcmd_to_string(&command, &data_addr);
+                               add_eprtcmd_to_string(&command, (struct 
sockaddr_in6 *)&data_addr);
                else
 #endif
                        if (c_i->use_pasv)
@@ -702,7 +702,7 @@
                        if (c_i->use_epsv)
                                add_to_string(&command, "EPSV");
                        else
-                               add_eprtcmd_to_string(&command, &data_addr);
+                               add_eprtcmd_to_string(&command, (struct 
sockaddr_in6 *)&data_addr);
                else
 #endif
                        if (c_i->use_pasv)


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-vserver-k7
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)

Versions of packages elinks depends on:
ii  debconf                  1.4.30.13       Debian configuration management sy
ii  libbz2-1.0               1.0.2-7         high-quality block-sorting file co
ii  libc6                    2.3.2.ds1-22    GNU C Library: Shared libraries an
ii  libexpat1                1.95.8-3        XML parsing C library - runtime li
ii  libgnutls11              1.0.16-13.1     GNU TLS library - runtime library
ii  libgpmg1                 1.19.6-19sarge1 General Purpose Mouse - shared lib
ii  libidn11                 0.5.13-1.0      GNU libidn library, implementation
ii  liblua50                 5.0.2-5         Main interpreter library for the L
ii  liblualib50              5.0.2-5         Extension library for the Lua 5.0 
ii  libperl5.8               5.8.4-8         Shared Perl library
ii  zlib1g                   1:1.2.2-4       compression library - runtime

-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 0.11.1-1 

as far as I an tell these patches were all incorporated and the bugs gone
with the newer releases. (some were plain invalid, more than a year old reports,
or unreplied questions.)

tell me if you think otherwise.

thanks.

--- End Message ---

Reply via email to