Package: elinks
Version: 0.10.4-7
Severity: important
Tags: patch

IPv6 ftp connections crash if "set protocol.ftp.use_epsv = 0" is set in
elisp.conf.

The crash is caused by get_pasv6_socket, which overwrites the stack since it
clears an argument of type struct sockaddr_storage in get_pasv6_socket, but
it was passed a struct sockaddr_in6 as parameter. The size of
struct sockaddr_storage (128) is larger than struct sockaddr_in6 (28), which
leads to overwriting the stack.

---
Crash output:

ELinks crashed. That shouldn't happen. Please report this incident to
developers. If you would like to help to debug the problem you just
uncovered, please keep the core you just got and send the developers
output of 'bt' command entered inside of gdb (which you run as:
gdb elinks core). Thanks a lot for your cooperation!

ELinks 0.10.4 (built on May 21 2005 13:57:21)

Features:
Standard, Fastmem, IPv6, gzip, bzip2, Cascading Style Sheets, Protocol
(File, FTP, HTTP, NNTP, SMB, URI rewrite, User protocols),
SSL (GnuTLS), MIME (Option system, Mailcap, Mimetypes files), LED
indicators,
Bookmarks, Cookies, Form History, Global History, Scripting (Lua, Perl)

/usr/bin/elinks(dump_backtrace+0x1d)[0x80d4dbd]
/usr/bin/elinks[0x80946c4]
/usr/bin/elinks[0x8094a04]
[0xffffe420]
[0x0]
Avbruten (SIGABRT)

---
patch:

--- ftp.c~      2005-04-06 11:30:30.000000000 +0200
+++ ftp.c       2005-06-10 09:39:13.000000000 +0200
@@ -597,7 +597,7 @@
 add_file_cmd_to_str(struct connection *conn)
 {
 #ifdef CONFIG_IPV6
-       struct sockaddr_in6 data_addr;
+       struct sockaddr_storage data_addr;
 #endif
        struct ftp_connection_info *c_i;
        struct string command;
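Review bot: The widened `data_addr` declaration in add_file_cmd_to_str carries no comment saying why it must be `struct sockaddr_storage`, so a later cleanup could narrow it back to `struct sockaddr_in6` and bring the overwrite back. The size requirement comes from get_pasv6_socket clearing a sockaddr_storage-sized object, as the report describes. Please add a one-line comment at the declaration, or have get_pasv6_socket take the buffer length from the caller and clear only that many bytes so the contract is enforced rather than implied.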
@@ -668,7 +668,7 @@
                        if (c_i->use_epsv)
                                add_to_string(&command, "EPSV");
                        else
-                               add_eprtcmd_to_string(&command, &data_addr);
+                               add_eprtcmd_to_string(&command, (struct 
sockaddr_in6 *)&data_addr);
                else
 #endif
                        if (c_i->use_pasv)
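Review bot: The added line in the else branch is split by the mailer, with `sockaddr_in6 *)&data_addr);` starting a new line that has no leading `+`, so this hunk will not apply as sent; please resend the diff as an attachment or with line wrapping disabled. On the change itself, the cast to `struct sockaddr_in6 *` assumes the storage holds an IPv6 address. That is reasonable inside the CONFIG_IPV6 branch, but changing add_eprtcmd_to_string to accept a `struct sockaddr_storage *` would keep the cast in one place instead of at each call site.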
@@ -702,7 +702,7 @@
                        if (c_i->use_epsv)
 #endif
        struct ftp_connection_info *c_i;
        struct string command;
@@ -668,7 +668,7 @@
                        if (c_i->use_epsv)
                                add_to_string(&command, "EPSV");
                        else
-                               add_eprtcmd_to_string(&command, &data_addr);
+                               add_eprtcmd_to_string(&command, (struct 
sockaddr_in6 *)&data_addr);
                else
 #endif
                        if (c_i->use_pasv)
@@ -702,7 +702,7 @@
                        if (c_i->use_epsv)
                                add_to_string(&command, "EPSV");
                        else
-                               add_eprtcmd_to_string(&command, &data_addr);
+                               add_eprtcmd_to_string(&command, (struct 
sockaddr_in6 *)&data_addr);
                else
 #endif
                        if (c_i->use_pasv)
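Review bot: The body under this `@@ -702,7 +702,7 @@` header is line for line the same as the `@@ -668,7 +668,7 @@` hunk, and between them sit a cut-off `@@ -702,7` hunk and a second copy of the `@@ -668,7` hunk, so it is not possible to tell from the mail what the change at line 702 really is. Please regenerate the patch with `diff -u` against a pristine ftp.c and confirm whether there is a second add_eprtcmd_to_string call site that needs the same cast.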


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-vserver-k7
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)

Versions of packages elinks depends on:
ii  debconf                  1.4.30.13       Debian configuration management sy
ii  libbz2-1.0               1.0.2-7         high-quality block-sorting file co
ii  libc6                    2.3.2.ds1-22    GNU C Library: Shared libraries an
ii  libexpat1                1.95.8-3        XML parsing C library - runtime li
ii  libgnutls11              1.0.16-13.1     GNU TLS library - runtime library
ii  libgpmg1                 1.19.6-19sarge1 General Purpose Mouse - shared lib
ii  libidn11                 0.5.13-1.0      GNU libidn library, implementation
ii  liblua50                 5.0.2-5         Main interpreter library for the L
ii  liblualib50              5.0.2-5         Extension library for the Lua 5.0 
ii  libperl5.8               5.8.4-8         Shared Perl library
ii  zlib1g                   1:1.2.2-4       compression library - runtime

-- no debconf information
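
The size mismatch described in the report, as an added example that is not code from the report or from ELinks. The `frame` struct, the guard bytes and both helper functions are hypothetical; the guard bytes stand in for whatever lies next to `data_addr` on the caller's stack, so the overwrite can be counted without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define GUARD_LEN (sizeof(struct sockaddr_storage) - sizeof(struct sockaddr_in6))

/* Constructed model of the caller's frame: the address, then its neighbours. */
struct frame {
    struct sockaddr_in6 data_addr;
    unsigned char guard[GUARD_LEN];
};

/* Pattern from the report: callee assumes a sockaddr_storage-sized object. */
static void clear_assuming_storage(void *addr)
{
    memset(addr, 0, sizeof(struct sockaddr_storage));
}

/* Hardened pattern (hypothetical helper): the caller states the real size. */
static int clear_bounded(struct sockaddr *addr, size_t addr_size)
{
    if (addr == NULL || addr_size < sizeof(struct sockaddr_in6))
        return -1;              /* too small to hold an IPv6 address */
    memset(addr, 0, addr_size); /* never touches bytes past the object */
    addr->sa_family = AF_INET6;
    return 0;
}

/* Returns how many neighbouring bytes the chosen pattern overwrites. */
size_t clobbered(int bounded)
{
    struct frame f;
    size_t n = 0;

    memset(f.guard, 0xA5, sizeof f.guard);
    if (bounded)
        clear_bounded((struct sockaddr *)&f.data_addr, sizeof f.data_addr);
    else
        clear_assuming_storage(&f); /* &f is &f.data_addr; stays inside f */
    for (size_t i = 0; i < GUARD_LEN; i++)
        n += (f.guard[i] != 0xA5);
    return n;
}

int main(void)
{
    printf("unbounded clear overwrote %zu neighbouring bytes\n", clobbered(0));
    printf("bounded clear overwrote %zu neighbouring bytes\n", clobbered(1));
    return 0;
}
```

Building the real program with `-fsanitize=address` reports this class of bug at the offending `memset`.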