Package: ftp
Version: 0.17-12
Severity: normal

I (accidentally) used GET rather than MGET to download multiple files
from our printer and got a segfault in netkit-ftp. Turns out it happens 
with other ftp servers, too:

$ gdb ./ftp
GNU gdb 6.3-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-linux"...Using host libthread_db
library "/lib/tls/libthread_db.so.1".

(gdb) r ftp.debian.org
Starting program: /tmp/photos/netkit-ftp-0.17/ftp/ftp ftp.debian.org
Connected to ftp.debian.org.
220 saens.debian.org FTP server (vsftpd)
Name (ftp.debian.org:porten): anonymous
331 Please specify the password.
Password:
230-
230-This site is just another one in a worldwide array of Debian mirrors.
230-It is not the "primary Debian FTP site" -- it is merely an official
230-mirror that is in the United States of America.
230-
230-If you are connecting from outside the USA, please consider using another
230-official Debian mirror, one that is closer to you. This will likely help
230-you by speeding up your downloads, and it will help us by lessening the
230-load on this machine.
230-
230-Current list of Debian mirrors is at http://www.debian.org/mirror/list
230-
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> get PICT0324.JPG PICT0325.JPG PICT0326.JPG PICT0327.JPG
PICT0328.JPG PICT0329.JPG PICT0330.JPG PICT0331.JPG PICT0332.JPG
PICT0333.JPG PICT0334.JPG PICT0335.JPG PICT0336.JPG PICT0337.JPG
PICT0338.JPG PICT0339.JPG PICT0340.JPG PICT0341.JPG PICT0342.JPG
PICT0343.JPG PICT0344.JPG PICT0345.JPG PICT0346.JPG PICT0347.JPG
PICT0348.JPG PICT0349.JPG PICT0350.JPG PICT0351.JPG PICT0352.JPG
PICT0353.JPG PICT0354.JPG PICT0355.JPG PICT0356.JPG PICT0357.JPG
PICT0358.JPG PICT0359.JPG PICT0360.JPG PICT0361.JPG PICT0324.JPG
PICT0325.JPG PICT0326.JPG PICT0327.JPG PICT0328.JPG PICT0329.JPG
PICT0330.JPG PICT0331.JPG PICT0332.JPG PICT0333.JPG PICT0334.JPG
PICT0335.JPG PICT0336.JPG PICT0337.JPG PICT0338.JPG PICT0339.JPG
PICT0340.JPG PICT0341.JPG PICT0342.JPG PICT0343.JPG PICT0344.JPG
PICT0345.JPG PICT0346.JPG PICT0347.JPG PICT0348.JPG PICT0349.JPG
PICT0350.JPG PICT0351.JPG PICT0352.JPG PICT0353.JPG PICT0354.JPG
PICT0355.JPG PICT0356.JPG PICT0357.JPG PICT0358.JPG PICT0359.JPG
PICT0360.JPG PICT0361.JPG
local: PICT0325.JPG remote: PICT0324.JPG

Program received signal SIGSEGV, Segmentation fault.
0x400fa5d5 in getc () from /lib/tls/libc.so.6
(gdb) bt
#0  0x400fa5d5 in getc () from /lib/tls/libc.so.6
#1  0x08050038 in getreply (expecteof=0) at ftp.c:409
#2  0x0804fec2 in command (fmt=0x80553bd "TYPE %s") at ftp.c:370
#3  0x0804a5d2 in changetype (newtype=3, show=134647295) at cmds.c:348
#4  0x08051476 in recvrequest (cmd=0x8055448 "RETR", 
    local=0x8068ea8 "PICT0325.JPG", remote=0x8068acc "PICT0324.JPG", 
    lmode=0x8055446 "w", printnames=1) at ftp.c:932
#5  0x0804b0ae in getit (argc=77, argv=0x80619a0, restartit=0, 
    modestr=0x8068dff "PICT0349.JPG") at cmds.c:740
#6  0x0804af40 in get (argc=134647295, argv=0x8068dff) at
    cmds.c:617
#7  0x08054208 in cmdscanner (top=1) at main.c:432
#8  0x08053aed in main (argc=1, argv=0xbffff8b8) at main.c:254
(gdb) up
#1  0x08050038 in getreply (expecteof=0) at ftp.c:409
409                     while ((c = getc(cin)) != '\n') {
(gdb) info locals
c = 134657856
n = 0
dig = 0
cp = 0x8061ac0
"g\216\006\bt\216\006\b\201\216\006\b\216\216\006\b\233\216\006\b"
originalcode = 0
continuation = 0
pflag = 0
px = 0
(gdb) 

The crash does not occur with a shorter list of files so I am tempted
to say that this is a buffer overflow.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-386
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages ftp depends on:
ii  libc6                 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii  libncurses5           5.4-4              Shared libraries for terminal hand
ii  libreadline5          5.0-10             GNU readline and history libraries

-- no debconf information
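
Added example, not part of the original report and not netkit-ftp's code: a whitespace tokenizer that refuses a command line holding more words than its argument vector has room for, instead of writing past the end. It assumes the crash comes from a fixed-size argument array, which the report suggests but does not confirm; the bytes gdb prints at `cp` decode as little-endian addresses 13 bytes apart (one file name plus its NUL), which is consistent with argument pointers landing in adjacent memory. `MAX_ARGS`, `split_args` and `try_get_line` are hypothetical names, and the input line is constructed.

```c
#include <ctype.h>
#include <stdio.h>

#define MAX_ARGS 20   /* assumed capacity, chosen for this example */

/* Split `line` in place on whitespace into argv[0..max_args-1].
 * Returns the word count, or -1 if the words (plus the terminating
 * NULL) do not fit; argv is never written past max_args entries. */
int split_args(char *line, char *argv[], size_t max_args)
{
    size_t argc = 0;
    char *p = line;
    if (max_args == 0) return -1;
    for (;;) {
        while (*p && isspace((unsigned char)*p))
            p++;
        if (*p == '\0')
            break;
        if (argc + 1 >= max_args) {   /* keep one slot for the NULL */
            argv[argc] = NULL;
            return -1;
        }
        argv[argc++] = p;
        while (*p && !isspace((unsigned char)*p))
            p++;
        if (*p)
            *p++ = '\0';
    }
    argv[argc] = NULL;
    return (int)argc;
}

/* Constructed input: "get" followed by `nfiles` names shaped like the
 * ones in the report. Returns what split_args() says about that line. */
int try_get_line(int nfiles)
{
    static char line[4096];
    char *argv[MAX_ARGS];
    size_t used = (size_t)snprintf(line, sizeof line, "get");
    for (int i = 0; i < nfiles && used + 14 < sizeof line; i++)
        used += (size_t)snprintf(line + used, sizeof line - used,
                                 " PICT%04d.JPG", 324 + i % 38);
    return split_args(line, argv, MAX_ARGS);
}

int main(void)
{
    printf("2 files -> %d, 76 files -> %d\n", try_get_line(2), try_get_line(76));
    return 0;
}
```

The 76-file case matches the `argc=77` seen in frame #5 of the backtrace; a caller that gets -1 should report "too many arguments" and skip the command.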

