Your message dated Wed, 03 Mar 2021 22:19:27 +0000
with message-id <[email protected]>
and subject line Bug#953085: fixed in vsftpd 3.0.3-13
has caused the Debian Bug report #953085,
regarding vsftpd: Segmentation fault when compiling without PAM
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
953085: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953085
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: vsftpd
Version: 3.0.3-12
Severity: important
Tags: patch
The problem happens when compiling vsftpd without PAM (comment out #define
VSF_BUILD_PAM in builddefs.h).
If doing so, passwd and shadow are used. When using a correct local user but a
wrong password, a segmentation fault happens in function
vsf_sysdep_check_auth() in file sysdeputil.c. If vsf_sysutil_strcmp in line 288
does not evaluate to 0 (in case of a wrong password),
it will not return 1 but will do the crypt with the passwd field. But since there
is a shadow item, the passwd item will have an "X".
Therefore the crypt function will return NULL (with 'X' as salt) and therefore
the vsf_sysutil_strcmp in line 301 will produce a segmentation fault.
The fix is that after the if in line 288 there should be an else with return
0.
Additionally, NULL checks for p_crypted could be added in lines 288 and 301
before using strcmp.
i.A. Daniel Frey
M.Sc. Computer Science
Software Architect
NewTec GmbH
Heinrich-von-Stephan-Straße 8
79100 Freiburg
Phone: +49 (0) 761 21117-353
Fax: +49 (0) 761 21117-41
Email: [email protected]
Web: www.newtec.de
----------------------------------------------------------------
Managing Directors: Frank Haberbosch, Harald Molle, Ulrich Schwer,
Michael Tröscher, Johannes Werbach, Matthias Wolbert
Register court: Memmingen - HRB 7236, VAT ID: DE130850199
----------------------------------------------------------------
vsftpd-3.0.3_segfault_wrongpassword.patch
Description: vsftpd-3.0.3_segfault_wrongpassword.patch
--- End Message ---
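The control flow described in the report above, as an added example that is neither vsftpd source nor part of the original messages. `model_crypt`, `hash_matches`, the two `check_auth_*` functions and the sample accounts are hypothetical stand-ins; `check_auth_before` returns -1 at the point where the report says a NULL from crypt reaches the string compare.

```c
#include <stdio.h>
#include <string.h>

/* Constructed account record: pw_passwd is "x" when a shadow entry exists. */
struct account { const char *pw_passwd; const char *sp_pwdp; };
const struct account SHADOWED = { "x", "$toy$secret" };    /* constructed */
const struct account PASSWD_ONLY = { "$toy$pw", NULL };    /* constructed */

/* Stand-in for crypt(3), NOT a real hash: returns NULL for a setting it
   cannot parse, which is how the report says crypt reacts to the "x" salt. */
static const char *model_crypt(const char *pass, const char *setting) {
    static char out[128];
    if (strncmp(setting, "$toy$", 5) != 0) return NULL;
    snprintf(out, sizeof out, "$toy$%s", pass);
    return out;
}

/* NULL-safe compare: a failed crypt never counts as a match. */
static int hash_matches(const char *crypted, const char *stored) {
    return crypted != NULL && stored != NULL && strcmp(crypted, stored) == 0;
}

/* Reported flow: a shadow mismatch falls through to the passwd field.
   Returns -1 where the reported code would hand NULL to the compare. */
int check_auth_before(const struct account *a, const char *pass) {
    const char *c;
    if (a->sp_pwdp != NULL) {
        c = model_crypt(pass, a->sp_pwdp);
        if (c != NULL && strcmp(c, a->sp_pwdp) == 0) return 1;
    }
    c = model_crypt(pass, a->pw_passwd);
    if (c == NULL) return -1;
    return strcmp(c, a->pw_passwd) == 0;
}

/* Proposed flow: the shadow result is final, and both compares are guarded. */
int check_auth_fixed(const struct account *a, const char *pass) {
    if (a->sp_pwdp != NULL)
        return hash_matches(model_crypt(pass, a->sp_pwdp), a->sp_pwdp);
    return hash_matches(model_crypt(pass, a->pw_passwd), a->pw_passwd);
}

int main(void) {
    printf("before, wrong password: %d\n", check_auth_before(&SHADOWED, "wrong"));
    printf("fixed,  wrong password: %d\n", check_auth_fixed(&SHADOWED, "wrong"));
    printf("fixed,  right password: %d\n", check_auth_fixed(&SHADOWED, "secret"));
    return 0;
}
```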
--- Begin Message ---
Source: vsftpd
Source-Version: 3.0.3-13
Done: Keng-Yu Lin <[email protected]>
We believe that the bug you reported is fixed in the latest version of
vsftpd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Keng-Yu Lin <[email protected]> (supplier of updated vsftpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Thu, 04 Mar 2021 05:05:45 +0800
Source: vsftpd
Architecture: source
Version: 3.0.3-13
Distribution: unstable
Urgency: medium
Maintainer: Keng-Yu Lin <[email protected]>
Changed-By: Keng-Yu Lin <[email protected]>
Closes: 953085 970436 975585
Changes:
vsftpd (3.0.3-13) unstable; urgency=medium
.
[Frey Daniel]
* Fix FTBFS when configured with NO_PAM (Closes: #953085)
.
[Svante Signell]
* Add sysvinit-utils in Depends (Closes: #975585)
.
[Sven Dreyer]
* Fix a type in manpage (Closes: #970436)
--- End Message ---