Bug#349001: proftpd: Proftpd segfaults on connection close

Fri, 20 Jan 2006 03:33:16 -0800 

Package: proftpd
Version: 1.2.10-27
Severity: normal
Tags: patch


Dear Maintainer,

I've backported the 1.2.10-27 package to sarge, in order to fix the signal 11 
problems you addressed lately. However, I'm running into some segfaults
of my own.

On connection closure (closed by client), proftpd reports a signal 11 in the 
logfiles. While not very important, it sure is annoying.

After debugging the problem, I discovered that the segfault is triggered in 
src/netio.c. For some reason, the close function pointer in the ctrl_netio
variable is a nullpointer. The code surrounding the closing of the connection 
checks for a nullpointer on the variable, but not on the function
itself. The attached patch fixes the problem for us.

Please apply. This patch possibly does not fix the underlying problem, but it 
fixes the side effects. The patch is sane.

Regards,

Allard Hoeve

-- System Information:
Debian Release: 3.1
  APT prefers stable
  APT policy: (600, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-ac10-byte
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages proftpd depends on:
ii  adduser                   3.63           Add and remove users and groups
ii  debconf                   1.4.30.13      Debian configuration management sy
ii  libc6                     2.3.2.ds1-22   GNU C Library: Shared libraries an
ii  libcap1                   1:1.10-14      support for getting/setting POSIX.
ii  libpam0g                  0.76-22        Pluggable Authentication Modules l
ii  libssl0.9.7               0.9.7e-3sarge1 SSL shared libraries
ii  libwrap0                  7.6.dbs-8      Wietse Venema's TCP wrappers libra
ii  netbase                   4.21           Basic TCP/IP networking system
pn  proftpd-common                           Not found.
ii  ucf                       1.17           Update Configuration File: preserv

--- proftpd-1.2.10/src/netio.c.old      2004-06-15 16:45:21.000000000 +0000
+++ proftpd-1.2.10/src/netio.c          2006-01-20 11:01:08.000000000 +0000
@@ -205,21 +205,21 @@
   }
 
   if (nstrm->strm_type == PR_NETIO_STRM_CTRL) {
-    res = ctrl_netio ? ctrl_netio->close(nstrm) :
+    res = ctrl_netio && ctrl_netio->close ? ctrl_netio->close(nstrm) :
       core_ctrl_netio->close(nstrm);
     destroy_pool(nstrm->strm_pool);
     return res;
   }
 
   if (nstrm->strm_type == PR_NETIO_STRM_DATA) {
-    res = data_netio ? data_netio->close(nstrm) :
+    res = data_netio && data_netio->close ? data_netio->close(nstrm) :
       core_data_netio->close(nstrm);
     destroy_pool(nstrm->strm_pool);
     return res;
   }
 
   if (nstrm->strm_type == PR_NETIO_STRM_OTHR) {
-    res = othr_netio ? othr_netio->close(nstrm) :
+    res = othr_netio && othr_netio->close ? othr_netio->close(nstrm) :
       core_othr_netio->close(nstrm);
     destroy_pool(nstrm->strm_pool);
     return res;

Reply via email to