[SRU] pure-ftpd-postgresql 1.0.50 segfaults after client connects
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| pure-ftpd (Debian) | Fix Released | Unknown | | |
| pure-ftpd (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Jammy | Fix Released | Undecided | Unassigned | |
| Lunar | Won't Fix | Undecided | Unassigned | |
| Mantic | Fix Released | Undecided | Unassigned | |
Bug Description
[ Impact ]
pure-ftpd-
[ Test Plan ]
* Install pure-ftpd-
* open /etc/pure-
* use the command "sudo systemctl restart pure-ftpd-
* Use the following command to create the postgresql database which pure-ftpd will use.
- sudo -u postgres createdb pureftpd
* Use the following command to use psql to connect the db
- sudo -u postgres psql pureftpd
* While connected, use the following commands:
- ALTER USER postgres WITH PASSWORD 'rootpw';
- CREATE TABLE "users" (
"User" TEXT NOT NULL,
"Password" TEXT NOT NULL,
"Uid" INTEGER NOT NULL default '-1',
"Gid" INTEGER NOT NULL default '-1',
"Dir" TEXT NOT NULL,
PRIMARY KEY ("User")
) WITHOUT OIDS;
- insert into users values ('sudip', 'test', 1000, 1000, '/home/sudip');
- enter \q to exit psql
* The above commands are for my test environment. Please modify username or cleartext password or uid or gid as appropriate for anyone else testing.
* Use the following command to connect to the ftp server:
- ftp localhost
- enter username and password as given in the psql insert command. For my environment, username is 'sudip', and password is 'test'.
* If the package is not fixed it will end with:
421 Service not available, remote server has closed connection.
ftp: Login failed
and dmesg will show there was a segfault from pure-ftpd-
* With the fixed package, it will connect to the ftp server.
[ Where problems could occur ]
* This is an upstream patch which only changes the port number it uses to connect to the postgresql server. There is no other change. In the worst case, it will not be able to connect to the postgresql server and users will not be able to log in to the ftp server.
* It is already completely unusable for users, and this will not cause any more regression than what users experience now.
[ Other Info ]
* All versions from v1.0.50 are affected, so only Focal is unaffected.
[ Original Bug Description ]
This is essentially a duplicate of Debian bug https:/
After a client connects to pure-ftpd-
```
$ lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04
```
```
$ apt-cache policy pure-ftpd-
pure-ftpd-
Installed: 1.0.50-2.1
Candidate: 1.0.50-2.1
Version table:
*** 1.0.50-2.1 500
500 http://
100 /var/lib/
```
```
Jan 9 10:26:42 info pure-ftpd-
Jan 9 10:26:42 info systemd[1]: Started pure-ftpd-
Jan 9 10:26:52 info kernel: [347086.735293] pure-ftpd-
Jan 9 10:26:52 info kernel: [347086.735338] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f
Jan 9 10:26:57 info kernel: [347091.872524] pure-ftpd-
Jan 9 10:26:57 info kernel: [347091.872562] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f
Jan 9 10:36:24 info kernel: [347659.224784] pure-ftpd-
Jan 9 10:36:24 info kernel: [347659.224806] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f
Jan 9 10:36:30 info kernel: [347665.416357] pure-ftpd-
Jan 9 10:36:30 info kernel: [347665.416396] Code: 00 00 00 00 00 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 89 f8 62 a1 fd 00 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 34 01 00 00 <62> f3 7d 20 3f 07 00 c5 fb 93 c0 85 c0 74 55 f3 0f bc c0 c3 f3 0f
```
The bug is already fixed in upstream via https:/
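
The login check from the test plan above in scripted form, as an added example that is not part of the original bug report or of pure-ftpd: it separates a connection dropped during login (the unfixed behaviour) from rejected credentials, which a manual `ftp localhost` session can blur together. The function name `probe_login`, its result labels and the script name `probe.py` are assumptions of this example.

```python
import ftplib
import sys


def probe_login(host, port, user, password, timeout=5.0):
    """Classify one FTP login attempt against the test plan's outcomes.

    "login-ok"       2xx reply to the login (behaviour of the fixed package)
    "server-dropped" connection closed or 4xx reply during login, which is
                     what a client sees when the server process dies
    "auth-rejected"  5xx reply: server is alive, credentials or DB row wrong
    "unreachable"    nothing listening, or no usable greeting
    """
    ftp = ftplib.FTP(timeout=timeout)
    try:
        try:
            ftp.connect(host, port)  # TCP connect, then read the 220 greeting
        except (OSError, EOFError, ftplib.Error):
            return "unreachable"
        try:
            ftp.login(user, password)  # sends USER, then PASS
        except ftplib.error_perm:
            return "auth-rejected"
        except (EOFError, OSError, ftplib.error_temp):
            # EOF or reset mid-login is how the crash looks from the client
            return "server-dropped"
        return "login-ok"
    finally:
        ftp.close()


if __name__ == "__main__":
    # Defaults are the test-environment values from the test plan above;
    # override as: probe.py HOST PORT USER PASSWORD (hypothetical script name)
    args = sys.argv[1:] or ["localhost", "21", "sudip", "test"]
    host, port, user, password = args
    result = probe_login(host, int(port), user, password)
    print(result)
    sys.exit(0 if result == "login-ok" else 1)
```

A "server-dropped" result still needs the dmesg check from the test plan to confirm that the cause was a segfault.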
Changed in pure-ftpd (Debian):
status: Unknown → New
Changed in pure-ftpd (Ubuntu):
status: New → In Progress
Changed in pure-ftpd (Ubuntu Jammy):
status: New → In Progress
Changed in pure-ftpd (Ubuntu Lunar):
status: New → In Progress
Changed in pure-ftpd (Ubuntu Mantic):
status: New → In Progress
Changed in pure-ftpd (Ubuntu):
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in pure-ftpd (Ubuntu Jammy):
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in pure-ftpd (Ubuntu Lunar):
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in pure-ftpd (Ubuntu Mantic):
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in pure-ftpd (Debian):
status: New → Fix Committed
Changed in pure-ftpd (Debian):
status: Fix Committed → Fix Released
I can reproduce the issue on Noble, Mantic, Lunar and Jammy. Also tested and confirmed that it works without any issue on Focal.