Package: gftp
Version: 2.0.18-10
Severity: grave
Justification: renders package unusable
Hi,
Triggering the segfault is similar to (closed) bug #325587: just connect to an
FTP site and try to download one file (click with left arrow button).
I recompiled with debug "gftp-2.0.18" (apt-get source)
===========================================
Program received signal SIGSEGV, Segmentation fault.
0x08077c9c in rfc959_ipv4_data_connection_new (request=0x822fa30) at rfc959.c:706
706       memcpy (&data_addr.sin_addr,
(gdb) bt
#0  0x08077c9c in rfc959_ipv4_data_connection_new (request=0x822fa30) at rfc959.c:706
#1  0x080787db in rfc959_data_connection_new (request=0x822fa30) at rfc959.c:969
#2  0x08078c60 in rfc959_get_file (request=0x822fa30, filename=0x822f918 "/rep/fichier", fd=-1, startsize=0) at rfc959.c:1107
It is here (rfc959.c, line 1936)
=============================================
  if (ignore_pasv_address)
    {
#if defined (HAVE_GETADDRINFO)
      memcpy (&data_addr.sin_addr,
              &((struct sockaddr_in *)
                request->current_hostp->ai_addr)->sin_addr,
              sizeof (data_addr.sin_addr));
#else
      memcpy (&data_addr.sin_addr,
              request->hostp->h_addr_list[request->curhost],
              request->hostp->h_length);
#endif
      pos = (char *) &data_addr.sin_addr;
      request->logging_function (gftp_logging_error, request,
              _("Ignoring IP address in PASV response, connecting to %d.%d.%d.%d:%d\n"),
              pos[0] & 0xff, pos[1] & 0xff, pos[2] & 0xff, pos[3] & 0xff,
              ntohs (data_addr.sin_port));
    }
  else
    memcpy (&data_addr.sin_addr, &ad[0], 4);
=============================================
As you can see, it only happens when the general option "Ignore PASV address"
is ticked (and with configure HAVE_GETADDRINFO).
I saw that the request->current_hostp (and request->hostp) was NULL.
The structure "fromreq" is created for the first time here:
transfer_window_files (src/gtk/transfer.c):
transfer->fromreq = gftp_copy_request (fromwdata->request);
transfer->toreq = gftp_copy_request (towdata->request);
transfer->fromwdata = fromwdata;
Inside "fromwdata->request", hostp and current_hostp are not NULL, but after
the call transfer->fromreq will have hostp=NULL.
The problem is in "lib/misc", gftp_copy_request
When you want to transfer files: current_hostp is not NULL and hostp is NULL.
That's the problem.
When browsing the ftp, the function is called with host filled (not NULL), so
it's ok!
[
Loading directory listing / from server ([EMAIL PROTECTED])
PASV
227 Entering Passive Mode (11,22,33,44,195,105)
Ignoring IP address in PASV response, connecting to 11.22.33.44:50025
]
(misc.c, around line 1335)
=============================================
#if defined (HAVE_GETADDRINFO) && defined (HAVE_GAI_STRERROR)
  struct addrinfo *hostp = req->hostp;
  struct addrinfo *newhostp = newreq->hostp; /* <=== bug */
  while (hostp != NULL)
    {
      newhostp = g_malloc (sizeof(struct addrinfo));
      memcpy(newhostp, hostp, sizeof(struct addrinfo));
      newhostp->ai_addr = g_malloc (sizeof(struct sockaddr));
      memcpy(newhostp->ai_addr, hostp->ai_addr, sizeof(struct sockaddr));
      if (hostp->ai_canonname)
        newhostp->ai_canonname = strdup(hostp->ai_canonname);
      if (req->current_hostp == hostp)
        newreq->current_hostp = newhostp;
      hostp = hostp->ai_next;
      newhostp = newhostp->ai_next;
    }
#else
  newreq->hostp = g_malloc (sizeof(struct hostent));
  memcpy(newreq->hostp, req->hostp, sizeof(struct hostent));
  newreq->host = req->host;
  newreq->curhost = req->curhost;
#endif
=============================================
The first element is never set to newreq->hostp, because malloc is done after.
I also think that the linked list is not correct (only if req->hostp->ai_next !=
NULL, which is not very common).
That's all!
Matthieu Crapet
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-matt
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages gftp depends on:
ii gftp-gtk 2.0.18-10 X/GTK+ FTP client
ii gftp-text 2.0.18-10 colored FTP client using GLib
gftp recommends no packages.
-- no debconf information
misc.c-patch.gz
Description: Binary data
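
A deep copy of an addrinfo list that avoids the two defects described in the report (head never stored, nodes never linked), written here as an added example; it is not the attached patch and not gftp's code. The names copy_addrinfo_list and free_addrinfo_copy are hypothetical, and plain malloc stands in for g_malloc so the block builds without GLib.

```c
#define _POSIX_C_SOURCE 200809L   /* for struct addrinfo and strdup */
#include <netdb.h>
#include <stdlib.h>
#include <string.h>
/* Free a list built by copy_addrinfo_list (not one from getaddrinfo). */
void free_addrinfo_copy(struct addrinfo *ai)
{
    for (struct addrinfo *next; ai != NULL; ai = next) {
        next = ai->ai_next;
        free(ai->ai_addr);
        free(ai->ai_canonname);
        free(ai);
    }
}

/* Deep-copy src. If cur is a node of src, *newcur receives the matching node
 * of the copy (the role current_hostp plays). Returns the new head or NULL. */
struct addrinfo *copy_addrinfo_list(const struct addrinfo *src,
        const struct addrinfo *cur, struct addrinfo **newcur)
{
    struct addrinfo *head = NULL, **tail = &head;
    *newcur = NULL;
    for (; src != NULL; src = src->ai_next) {
        struct addrinfo *n = malloc(sizeof *n);
        if (n == NULL)
            break;
        *n = *src;
        n->ai_addr = NULL;
        n->ai_canonname = NULL;
        n->ai_next = NULL;
        *tail = n;            /* link first, so the first pass sets head */
        tail = &n->ai_next;
        if (src->ai_addr != NULL && src->ai_addrlen > 0) {
            /* ai_addrlen, not sizeof(struct sockaddr): sockaddr_in6 is larger */
            if ((n->ai_addr = malloc(src->ai_addrlen)) == NULL)
                break;
            memcpy(n->ai_addr, src->ai_addr, src->ai_addrlen);
        }
        if (src->ai_canonname != NULL &&
            (n->ai_canonname = strdup(src->ai_canonname)) == NULL)
            break;
        if (src == cur)
            *newcur = n;
    }
    if (src != NULL) {        /* left the loop early: an allocation failed */
        free_addrinfo_copy(head);
        head = *newcur = NULL;
    }
    return head;
}
```

The caller would store the return value in the new request's hostp and the out-parameter in its current_hostp, so neither is left NULL when the source list is non-empty.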

