Bug#1058796: pure-ftpd-postgresql unable to connect to PostgreSQL with segfault at 1538

[Sudip Mukherjee]

I can confirm that I can reproduce the segfault and can also confirm that
the upstream commit at
https://github.com/jedisct1/pure-ftpd/commit/c3f0f3c91d86939e6fabf5f65c6c6fc964e6032e
has fixed the problem for me.


-- 
Regards
Sudip

Bug#1058796: pure-ftpd-postgresql unable to connect to PostgreSQL with segfault at 1538

[Gian Luca Dalla Torre]

Package: pure-ftpd-postgresql
Version: 1.0.50-2.1+b2
Severity: important

Dear Maintainer,

We are re-installing a new machine to replace our previous FTP server by 
installing the mentioned package.

We have configured the server by copying the same parameters we have on the 
previous machine, but when we test the connectivity, we observe that:

* There is no connection to PostgreSQL to verify the credentials.
* The client's connection is terminated by directly closing the socket.

The error log shows the following message:

Dec 16 09:51:01 application pure-ftpd[696673]: (?@151.51.150.195) [INFO] New 
connection from 151.51.150.195
Dec 16 09:51:01 application pure-ftpd[696673]: (?@151.51.150.195) [DEBUG] 
Command [feat] []
Dec 16 09:51:02 application pure-ftpd[696673]: (?@151.51.150.195) [DEBUG] 
Command [user] [upload3@]
Dec 16 09:51:02 application pure-ftpd[696673]: (?@151.51.150.195) [DEBUG] 
Command [pass] [<*>]
Dec 16 09:51:02 application kernel: pure-ftpd-postg[696673]: segfault at 1538 
ip 7efceb2f0618 sp 7ffed80aec58 error 4 in 
libc.so.6[7efceb1af000+155000] likely on CPU 31 (core 1, socket 1)

indicating that there is a segmentation fault within the code of the package.

The situation is well described in this link:

https://superuser.com/questions/1800870/why-is-pure-ftpd-postgresql-not-connecting-to-my-postgresql-database

Continuing the research, it seems to be a problem caused by an error in 
PureFTPd 1.0.50, which also occurred in FreeBSD (the error was identical, with 
the same segmentation fault):

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261358

The developer has provided the patch to fix the issue:

https://bz-attachments.freebsd.org/attachment.cgi?id=231197

Without fixing the problem, it is not possible to use the package. In previous 
Debian releases, the issue was not present because the PureFTPd version was not 
1.0.50.

It is not possible to use PostgreSQL connection with PureFTPd with Bookworm 
release. I assume that by applying the mentioned patch, the package will start 
working as required.

-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-14-amd64 (SMP w/40 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pure-ftpd-postgresql depends on:
ii  libc6 2.36-9+deb12u3
ii  libcap2   1:2.66-4
ii  libcrypt1 1:4.4.33-2
ii  libpam0g  1.5.2-6+deb12u1
ii  libpq515.5-0+deb12u1
ii  libsodium23   1.0.18-1
ii  libssl3   3.0.11-1~deb12u2
ii  openbsd-inetd [inet-superserver]  0.20221205-2~deb12u1
ii  pure-ftpd-common  1.0.50-2.1
ii  sysvinit-utils [lsb-base] 3.06-4

pure-ftpd-postgresql recommends no packages.

pure-ftpd-postgresql suggests no packages.

-- Configuration Files:
/etc/pure-ftpd/db/postgresql.conf changed [not included]

-- no debconf information