Your message dated Tue, 18 Apr 2006 05:02:11 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#353175: fixed in proftpd 1.3.0-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: proftpd-ldap
Version: 1.2.10-27

proftpd segfaults trying to authenticate users via LDAP in all observed
cases. Authenticating users via PAM (which relies on files, not on LDAP
in our configuration) works.

We found no workaround, so downgraded to 1.2.10-26 for now.


This is a sample ftp session as seen by the client:

--8><---------------------------------------------------------------

ftp> open XXXXX
Connected to XXXXX.capcom.de.
220 XXXXXXXXX FTP Server ready.
Name (XXXXX:XXXXXXXX):
331 Password required for XXXXXXXX.
Password:
421 Service not available, remote server has closed connection
Login failed.
No control connection for command: Permission denied

--8><---------------------------------------------------------------


This is the corresponding syslog entry:

--8><---------------------------------------------------------------

Feb 16 17:06:41 XXXXX proftpd[6458]: XXXXX.capcom.de (XXXXXX.capcom.de[XXXXXXXXXXXXXXX]) - FTP session opened.
Feb 16 17:06:45 XXXXX proftpd[6458]: XXXXX.capcom.de (XXXXXX.capcom.de[XXXXXXXXXXXXXXX]) - ProFTPD terminating (signal 11)
Feb 16 17:06:45 XXXXX proftpd[6458]: XXXXX.capcom.de (XXXXXX.capcom.de[XXXXXXXXXXXXXXX]) - FTP session closed.

--8><---------------------------------------------------------------


The last observable activity of the proftpd is enquiring the user and
group information from the LDAP server and receiving appropriate
responses. The segfault occurs after receiving the last group search
response. strace shows that the segfault occurs outside of a system
call. ltrace shows two searches for configuration keys (AnonymousGroup
and AuthAliasOnly, both unset) and then this (last line of the config
search included):

--8><---------------------------------------------------------------

[pid 6511] strcmp("AuthAliasOnly", "USER")       = -1
[pid 6511] memset(0x815e53c, '\000', 48)         = 0x815e53c
[pid 6511] memset(0x815e56c, '\000', 4)          = 0x815e56c
[pid 6511] strcasecmp("getpwnam", "getpwnam")    = 0
[pid 6511] memcpy(0xbfd72a40, "", 2048)          = 0xbfd72a40
[pid 6511] strcasecmp("getpwnam", "getpwnam")    = 0
[pid 6511] memcpy(0xbfd72a40, "", 2048)          = 0xbfd72a40
[pid 6511] strcasecmp("XXXXXXXX", "XXXXXXXX")    = 0
[pid 6511] memset(0x8155904, '\000', 20)         = 0x8155904
[pid 6511] memset(0x815e574, '\000', 28)         = 0x815e574
[pid 6511] strlen("XXXXXXXX")                    = 8
[pid 6511] strlen("XXXXXXXXXXXXXXXXXXXXX")       = 21
[pid 6511] strlen("")                            = 0
[pid 6511] strlen("XXXXXXXX")                    = 8
[pid 6511] memset(0x815e5d4, '\000', 48)         = 0x815e5d4
[pid 6511] memset(0x815e604, '\000', 4)          = 0x815e604
[pid 6511] strcasecmp("gid_name", "gid_name")    = 0
[pid 6511] memcpy(0xbfd72a40, "", 2048)          = 0xbfd72a40
[pid 6511] strcasecmp("gid_name", "gid_name")    = 0
[pid 6511] memcpy(0xbfd72a40, "", 2048)          = 0xbfd72a40
[pid 6511] --- SIGSEGV (Segmentation fault) ---

--8><---------------------------------------------------------------


proftpd configuration file:

--8><---------------------------------------------------------------

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
# 

ServerName                      "XXXXXXXXX FTP Server"
ServerType                      standalone
ServerAdmin                     [EMAIL PROTECTED]
DeferWelcome                    off
IdentLookups                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on
Umask                           0113 0002

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

ServerIdent                     on "XXXXXXXXX FTP Server ready."
DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                     "-l"

DenyFilter                      \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
PersistentPasswd                off

# Uncomment this if you would use TLS module:
#TLSEngine                      on

# Uncomment this if you would use quota module:
#Quotas                         on

# Uncomment this if you would use ratio module:
#Ratios                         on

# Port 21 is the standard FTP port.
Port                            21

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            nobody
Group                           nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                           022  022
# Normally, we want files to be overwriteable.
AllowOverwrite                  on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default. 
#DelayEngine                    off

# A basic anonymous configuration, no upload directories.

<Anonymous ~ftp>
  User                          ftp
  Group                         ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp
  # Cosmetic changes, all files belongs to ftp user
  DirFakeUser   on ftp
  HideNoAccess                  on
  DirFakeGroup on ftp

  RequireValidShell             off

  # Limit the maximum number of anonymous logins
  MaxClients                    10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message

  # Limit WRITE everywhere in the anonymous chroot
  <Directory *>
    <Limit WRITE>
      DenyAll
    </Limit>
  </Directory>

  # Limit downloads to 300kB/s, first MB does not count against this limit.
  TransferRate RETR 300:1024
# 
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask                           022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>

</Anonymous>


# Non-anonymous users

DefaultChDir ~ capcom
DefaultRoot ~ !capcom

LDAPServer XXXXXXXXXX.capcom.de
LDAPDNInfo "" ""
LDAPDoAuth on ou=people,dc=capcom,dc=de "(uid=%v)"
LDAPAuthBinds on
LDAPDefaultUID 101
LDAPDefaultGID 104
LDAPDoUIDLookups on ou=people,dc=capcom,dc=de "(uid=%v)"
LDAPDoGIDLookups on ou=groups,dc=capcom,dc=de
CreateHome on
LDAPGenerateHomedir on
LDAPGenerateHomedirPrefix /ccftp/projects
RequireValidShell off

<Directory /ccftp/home>
  Umask 0177 0077
</Directory>

--8><---------------------------------------------------------------


Kernel version: 2.6.15-1-686

Installed versions of packages on which proftpd-ldap depends:
netbase 4.24
libc6 2.3.5-13
libcap1 1:1.10-14
debconf 1.4.70
libldap2 2.1.30-12
libpam0g 0.79-3
libssl0.9.8 0.9.8a-7
libwrap0 7.6.dbs-8
proftpd-common 1.2.10-27
adduser 3.80
ucf 2.005


Regards,
   Ralph Rößner


--- End Message ---
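
The syslog pattern quoted in the report above (session opened, then "ProFTPD terminating (signal 11)" from the same child PID a few seconds later) can be picked out of a log automatically. The following is an added example, not part of the original report or of ProFTPD; the host names, addresses and the second session in the sample are constructed, and `find_crashed_sessions` is a hypothetical helper name.

```python
import re
from datetime import datetime

# Constructed sample in the syslog format quoted in the report (hosts and
# addresses are placeholders); PID 6458 crashes, PID 6460 ends normally.
SAMPLE_LOG = """\
Feb 16 17:06:41 ftp1 proftpd[6458]: ftp1.example.org (client1.example.org[192.0.2.10]) - FTP session opened.
Feb 16 17:06:45 ftp1 proftpd[6458]: ftp1.example.org (client1.example.org[192.0.2.10]) - ProFTPD terminating (signal 11)
Feb 16 17:06:45 ftp1 proftpd[6458]: ftp1.example.org (client1.example.org[192.0.2.10]) - FTP session closed.
Feb 16 17:07:02 ftp1 proftpd[6460]: ftp1.example.org (client2.example.org[192.0.2.11]) - FTP session opened.
Feb 16 17:09:30 ftp1 proftpd[6460]: ftp1.example.org (client2.example.org[192.0.2.11]) - FTP session closed.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ proftpd\[(?P<pid>\d+)\]: "
    r"\S+ \((?P<client>[^)]*)\) - (?P<msg>.*)$"
)
SIGNAL_RE = re.compile(r"ProFTPD terminating \(signal (\d+)\)")


def find_crashed_sessions(log_text, year=2006):
    """Return one dict per proftpd child that logged a fatal signal."""
    opened = {}   # pid -> time the session was opened
    crashes = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a proftpd session line
        # Classic syslog timestamps carry no year; the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        pid, msg = int(m["pid"]), m["msg"]
        if msg.startswith("FTP session opened"):
            opened[pid] = ts
        sig = SIGNAL_RE.search(msg)
        if sig:
            start = opened.get(pid)
            crashes.append({
                "pid": pid,
                "client": m["client"],
                "signal": int(sig.group(1)),
                # None when the open line is missing (e.g. rotated log)
                "seconds_after_open": (ts - start).total_seconds() if start else None,
            })
    return crashes


if __name__ == "__main__":
    for c in find_crashed_sessions(SAMPLE_LOG):
        print(c)
```
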
--- Begin Message ---
Source: proftpd
Source-Version: 1.3.0-1

We believe that the bug you reported is fixed in the latest version of
proftpd, which is due to be installed in the Debian FTP archive:

proftpd-doc_1.3.0-1_all.deb
  to pool/main/p/proftpd/proftpd-doc_1.3.0-1_all.deb
proftpd-ldap_1.3.0-1_all.deb
  to pool/main/p/proftpd/proftpd-ldap_1.3.0-1_all.deb
proftpd-mysql_1.3.0-1_all.deb
  to pool/main/p/proftpd/proftpd-mysql_1.3.0-1_all.deb
proftpd-pgsql_1.3.0-1_all.deb
  to pool/main/p/proftpd/proftpd-pgsql_1.3.0-1_all.deb
proftpd_1.3.0-1.diff.gz
  to pool/main/p/proftpd/proftpd_1.3.0-1.diff.gz
proftpd_1.3.0-1.dsc
  to pool/main/p/proftpd/proftpd_1.3.0-1.dsc
proftpd_1.3.0-1_i386.deb
  to pool/main/p/proftpd/proftpd_1.3.0-1_i386.deb
proftpd_1.3.0.orig.tar.gz
  to pool/main/p/proftpd/proftpd_1.3.0.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francesco Paolo Lovergine <[EMAIL PROTECTED]> (supplier of updated proftpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 18 Apr 2006 12:42:04 +0200
Source: proftpd
Binary: proftpd proftpd-mysql proftpd-pgsql proftpd-ldap proftpd-doc
Architecture: source all i386
Version: 1.3.0-1
Distribution: unstable
Urgency: low
Maintainer: Francesco Paolo Lovergine <[EMAIL PROTECTED]>
Changed-By: Francesco Paolo Lovergine <[EMAIL PROTECTED]>
Description: 
 proftpd    - Versatile, virtual-hosting FTP daemon
 proftpd-doc - Versatile, virtual-hosting FTP daemon (Documentation)
 proftpd-ldap - Versatile, virtual-hosting FTP daemon (dummy transitional package
 proftpd-mysql - Versatile, virtual-hosting FTP daemon (dummy transitional package
 proftpd-pgsql - Versatile, virtual-hosting FTP daemon (dummy transitional package
Closes: 207136 274414 349827 353175 356221
Changes: 
 proftpd (1.3.0-1) unstable; urgency=low
 .
   The "Here we go" release.
 .
   * New upstream release (final). Just closing fixed-in-experimental issues.
     (closes: #353175, #349827, #207136, #274414, #356221)
   * First upload to unstable.
   * Moved to LSB logging in proftpd.init and changed a bit script inners.
   * Revised mysql_config use in rules file.
Files: 
 07728bfc9ad23c3c65eafdacf5505bb7 892 net optional proftpd_1.3.0-1.dsc
 e53786f320eace50e0746e97624dfd79 1868706 net optional proftpd_1.3.0.orig.tar.gz
 9da0ce5dd85dcbfc96084b71c8cc8248 65853 net optional proftpd_1.3.0-1.diff.gz
 fcefdbd296c437563fce4d848eaadfde 620306 net optional proftpd_1.3.0-1_i386.deb
 213283559f046aa25c0cef7af612beac 480184 doc optional proftpd-doc_1.3.0-1_all.deb
 a6eb9301a21e020688b57ecc3aadaacd 160500 net optional proftpd-mysql_1.3.0-1_all.deb
 33164d786357ce6e0aebcd7df75552a5 160500 net optional proftpd-pgsql_1.3.0-1_all.deb
 5dbac2dc20f8cb5013896403925a8f1d 160500 net optional proftpd-ldap_1.3.0-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFERNQvpFNRmenyx0cRApRUAJ9/S9epp9LSzWkHOSpMJsbaUl9iUACdHszX
Taol/q9QwiKYk3lXejCxYSA=
=J/RR
-----END PGP SIGNATURE-----


--- End Message ---
