
Re: heimdal 0.6.4 ftpd crash




>> at least on my FreeBSD 3.1RC3 (Sarge) with two Xeons, there is a
>> problem with crashing ftp server. I can connect to, log in with no
>> problems, but trying to do anything with the remote data (for example
>> issuing 'ls' or 'dir' command) crashes the ftp daemon. Other parts of
>> heimdal like kdc, kinit, telnetd, gssapi from openssh etc. seem to
>> work fine. Also, non-heimdal ftpd worked fine. The same problem for
>> heimdal 0.6.3 and 0.6.4. Please, do you have any idea what could be
>> wrong? Is it possible that ftpd is not smp-safe?
>
> Can you provide a backtrace from the coredump?

There is no core file generated (I have no ulimit set, so I do not know 
why), but I found a way around to get the information:

# gdb --args ./ftpd -a plain -i -v
GNU gdb 6.3-debian

(gdb) run
Starting program: /usr/local/libexec/ftpd -a plain -i -v
ftpd: bind af = 2: Address already in use

Here I connected to the ftpd, logged in and issued simple "ls". The 
result in gdb:

Program received signal SIGSEGV, Segmentation fault.
0x08054187 in ftpd_popen (program=0xbfffc520 "/bin/ls", type=0x80a23ac 
"r", do_stderr=1, no_glob=0) at popen.c:156
156     popen.c: No such file or directory.
         in popen.c

(gdb) backtrace
#0  0x08054187 in ftpd_popen (program=0xbfffc520 "/bin/ls", type=0x80a23ac 
"r", do_stderr=1, no_glob=0) at popen.c:156
#1  0x0804f4af in retrieve (cmd=0x80a146f "/bin/ls -la %s", 
name=0xbfffc520 "/bin/ls") at ftpd.c:1051
#2  0x08051dc0 in list_file (file=0x80a0510 ".") at ftpd.c:2209
#3  0x0804bd3a in yyparse () at ftpcmd.y:292
#4  0x0804e235 in main (argc=0, argv=0x80a0e97) at ftpd.c:435


The same situation, but for trying to retrieve a file by get (the same 
results for getting both an existent and a non-existent file):

(gdb) run
Starting program: /usr/local/libexec/ftpd -a plain -i -v
ftpd: bind af = 2: Address already in use

Program exited normally.

But on the client side (heimdal's ftp) I get "Segmentation fault". So the 
trace of the client side:

ftp> get xxx

Program received signal SIGSEGV, Segmentation fault.
0x0804e378 in globulize (cpp=0x80aecc8) at cmds.c:1576
1576    cmds.c: No such file or directory.
         in cmds.c
(gdb) backtrace
#0  0x0804e378 in globulize (cpp=0x80aecc8) at cmds.c:1576
#1  0x0804c234 in getit (argc=3, argv=0x80aecc0, restartit=0, mode=0x0) at 
cmds.c:617
#2  0x0804c161 in get (argc=0, argv=0x0) at cmds.c:590
#3  0x080537f3 in cmdscanner (top=1) at main.c:325
#4  0x0805345d in main (argc=1, argv=0xbfffdef8) at main.c:162



First of all, I do not know why there is the "Address already in use" 
message even if the ftpd apparently binds to the network ports and 
communicates with the client (no inetd definition for ftpd present, to be 
sure the problem is not inetd reserving the port). But it is probably 
innocent and not related.

> Are you using the builtin ls or an external one?

It seems to call a /bin/ls binary:

access("//bin/ls", X_OK)

The problem is not only the "ls" command. For example "get" also does not work 
and coredumps. But "cd /path/to/somewhere" works fine.


David