Hi,

I'm getting a buffer overflow when connecting to certain ssh servers
with lftp.


Environment
-----------
I'm using Ubuntu Linux 10.04 Lucid, both i686 and x86_64 architectures.

This problem happens with lftp 4.0.2, the Lucid default,
version 4.0.6 from Ubuntu 10.10, and self-compiled versions
of 4.2.0, both compiled with GNU TLS and with OpenSSL instead.

This problem does not occur with 3.7.14 on Ubuntu 8.10.

The problem occurs when connecting to VShell or WS_FTP servers:

SSH-2.0-VShell_3_0_4_656 VShell
SSH-2.0-VShell_3_5_0_351 VShell
SSH-2.0-WS_FTP-SSH_6.1.1


Problem
-------
The problem is when I connect to a server running VShell or WS_FTP.
I just do an 'ls' and get a buffer overflow like so:

$ ./src/lftp -u user,pass -p 22 sftp://ftp.somedomain.com/incoming/ -e ls

cd ok, cwd=/incoming
*** buffer overflow detected ***: ./src/lftp terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f41e55e0217]
/lib/libc.so.6(+0xfe0d0)[0x7f41e55df0d0]
/lib/libc.so.6(+0xfd539)[0x7f41e55de539]
/lib/libc.so.6(_IO_default_xsputn+0xcc)[0x7f41e5556d1c]
/lib/libc.so.6(_IO_vfprintf+0x3d34)[0x7f41e552a0d4]
/lib/libc.so.6(__vsprintf_chk+0x99)[0x7f41e55de5d9]
/lib/libc.so.6(__sprintf_chk+0x7f)[0x7f41e55de51f]
./src/lftp[0x44ec15]
./src/lftp[0x49472a]
./src/lftp[0x494ac3]
./src/lftp[0x496874]
./src/lftp[0x43c3f3]
./src/lftp[0x40ba6d]
./src/lftp[0x4083a5]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f41e54ffc4d]
./src/lftp[0x4079e9]
======= Memory map: ========
00400000-004e0000 r-xp 00000000 08:01 6689254                            /home/sean/src/lftp-4.2.0-gnu/src/lftp
006df000-006e1000 r--p 000df000 08:01 6689254                            /home/sean/src/lftp-4.2.0-gnu/src/lftp
006e1000-006e5000 rw-p 000e1000 08:01 6689254                            /home/sean/src/lftp-4.2.0-gnu/src/lftp
006e5000-006f8000 rw-p 00000000 00:00 0
01013000-010a0000 rw-p 00000000 00:00 0                                  [heap]
7f41e4a20000-7f41e4a23000 r-xp 00000000 08:01 17826058                   /lib/libgpg-error.so.0.4.0
7f41e4a23000-7f41e4c22000 ---p 00003000 08:01 17826058                   /lib/libgpg-error.so.0.4.0
7f41e4c22000-7f41e4c23000 r--p 00002000 08:01 17826058                   /lib/libgpg-error.so.0.4.0
7f41e4c23000-7f41e4c24000 rw-p 00003000 08:01 17826058                   /lib/libgpg-error.so.0.4.0
7f41e4c24000-7f41e4c99000 r-xp 00000000 08:01 17826056                   /lib/libgcrypt.so.11.5.2
7f41e4c99000-7f41e4e98000 ---p 00075000 08:01 17826056                   /lib/libgcrypt.so.11.5.2
7f41e4e98000-7f41e4e99000 r--p 00074000 08:01 17826056                   /lib/libgcrypt.so.11.5.2
7f41e4e99000-7f41e4e9c000 rw-p 00075000 08:01 17826056                   /lib/libgcrypt.so.11.5.2
7f41e4e9c000-7f41e4eb2000 r-xp 00000000 08:01 17826028                   /lib/libz.so.1.2.3.3
7f41e4eb2000-7f41e50b1000 ---p 00016000 08:01 17826028                   /lib/libz.so.1.2.3.3
7f41e50b1000-7f41e50b2000 r--p 00015000 08:01 17826028                   /lib/libz.so.1.2.3.3
7f41e50b2000-7f41e50b3000 rw-p 00016000 08:01 17826028                   /lib/libz.so.1.2.3.3
7f41e50b3000-7f41e50c3000 r-xp 00000000 08:01 11017323                   /usr/lib/libtasn1.so.3.1.7
7f41e50c3000-7f41e52c2000 ---p 00010000 08:01 11017323                   /usr/lib/libtasn1.so.3.1.7
7f41e52c2000-7f41e52c3000 r--p 0000f000 08:01 11017323                   /usr/lib/libtasn1.so.3.1.7
7f41e52c3000-7f41e52c4000 rw-p 00010000 08:01 11017323                   /usr/lib/libtasn1.so.3.1.7
7f41e52c4000-7f41e52dc000 r-xp 00000000 08:01 17829852                   /lib/libpthread-2.11.1.so
7f41e52dc000-7f41e54db000 ---p 00018000 08:01 17829852                   /lib/libpthread-2.11.1.so
7f41e54db000-7f41e54dc000 r--p 00017000 08:01 17829852                   /lib/libpthread-2.11.1.so
7f41e54dc000-7f41e54dd000 rw-p 00018000 08:01 17829852                   /lib/libpthread-2.11.1.so
7f41e54dd000-7f41e54e1000 rw-p 00000000 00:00 0
7f41e54e1000-7f41e565b000 r-xp 00000000 08:01 17826174                   /lib/libc-2.11.1.so
7f41e565b000-7f41e585a000 ---p 0017a000 08:01 17826174                   /lib/libc-2.11.1.so
7f41e585a000-7f41e585e000 r--p 00179000 08:01 17826174                   /lib/libc-2.11.1.so
7f41e585e000-7f41e585f000 rw-p 0017d000 08:01 17826174                   /lib/libc-2.11.1.so
7f41e585f000-7f41e5864000 rw-p 00000000 00:00 0
7f41e5864000-7f41e587a000 r-xp 00000000 08:01 17825847                   /lib/libgcc_s.so.1
7f41e587a000-7f41e5a79000 ---p 00016000 08:01 17825847                   /lib/libgcc_s.so.1
7f41e5a79000-7f41e5a7a000 r--p 00015000 08:01 17825847                   /lib/libgcc_s.so.1
7f41e5a7a000-7f41e5a7b000 rw-p 00016000 08:01 17825847                   /lib/libgcc_s.so.1
7f41e5a7b000-7f41e5a7d000 r-xp 00000000 08:01 17829365                   /lib/libdl-2.11.1.so
7f41e5a7d000-7f41e5c7d000 ---p 00002000 08:01 17829365                   /lib/libdl-2.11.1.so
7f41e5c7d000-7f41e5c7e000 r--p 00002000 08:01 17829365                   /lib/libdl-2.11.1.so
7f41e5c7e000-7f41e5c7f000 rw-p 00003000 08:01 17829365                   /lib/libdl-2.11.1.so
7f41e5c7f000-7f41e5cbd000 r-xp 00000000 08:01 17825863                   /lib/libncurses.so.5.7
7f41e5cbd000-7f41e5ebd000 ---p 0003e000 08:01 17825863                   /lib/libncurses.so.5.7
7f41e5ebd000-7f41e5ec1000 r--p 0003e000 08:01 17825863                   /lib/libncurses.so.5.7
7f41e5ec1000-7f41e5ec2000 rw-p 00042000 08:01 17825863                   /lib/libncurses.so.5.7
7f41e5ec2000-7f41e5ec4000 r-xp 00000000 08:01 17829894                   /lib/libutil-2.11.1.so
7f41e5ec4000-7f41e60c3000 ---p 00002000 08:01 17829894                   /lib/libutil-2.11.1.so
7f41e60c3000-7f41e60c4000 r--p 00001000 08:01 17829894                   /lib/libutil-2.11.1.so
7f41e60c4000-7f41e60c5000 rw-p 00002000 08:01 17829894                   /lib/libutil-2.11.1.so
7f41e60c5000-7f41e60fe000 r-xp 00000000 08:01 17826067                   /lib/libreadline.so.6.1
7f41e60fe000-7f41e62fd000 ---p 00039000 08:01 17826067                   /lib/libreadline.so.6.1
7f41e62fd000-7f41e62ff000 r--p 00038000 08:01 17826067                   /lib/libreadline.so.6.1
7f41e62ff000-7f41e6305000 rw-p 0003a000 08:01 17826067                   /lib/libreadline.so.6.1
7f41e6305000-7f41e6306000 rw-p 00000000 00:00 0
7f41e6306000-7f41e630d000 r-xp 00000000 08:01 17829857                   /lib/librt-2.11.1.so
7f41e630d000-7f41e650c000 ---p 00007000 08:01 17829857                   /lib/librt-2.11.1.so
7f41e650c000-7f41e650d000 r--p 00006000 08:01 17829857                   /lib/librt-2.11.1.so
7f41e650d000-7f41e650e000 rw-p 00007000 08:01 17829857                   /lib/librt-2.11.1.so
7f41e650e000-7f41e65aa000 r-xp 00000000 08:01 11015248                   /usr/lib/libgnutls.so.26.14.12
7f41e65aa000-7f41e67a9000 ---p 0009c000 08:01 11015248                   /usr/lib/libgnutls.so.26.14.12
7f41e67a9000-7f41e67af000 r--p 0009b000 08:01 11015248                   /usr/lib/libgnutls.so.26.14.12
7f41e67af000-7f41e67b0000 rw-p 000a1000 08:01 11015248                   /usr/lib/libgnutls.so.26.14.12
7f41e67b0000-7f41e67d0000 r-xp 00000000 08:01 17825800                   /lib/ld-2.11.1.so
Aborted


Versions
--------
~/src/lftp-4.2.0-gnu$ ./src/lftp -v
LFTP | Version 4.2.0 | Copyright (c) 1996-2011 Alexander V. Lukyanov
...
Libraries used: Readline 6.1, GnuTLS 2.8.5, zlib 1.2.3.3

~/src/lftp-4.2.0-openssl$ ./src/lftp -v
LFTP | Version 4.2.0 | Copyright (c) 1996-2011 Alexander V. Lukyanov
...
Libraries used: Readline 6.1, OpenSSL 0.9.8k 25 Mar 2009, zlib 1.2.3.3



Any ideas?

Sean Purdy
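The backtrace above ends in __sprintf_chk, the glibc _FORTIFY_SOURCE wrapper for sprintf(): the abort fires when a formatted string is about to exceed the fixed-size buffer it is written into. The report does not say which lftp buffer is involved, so the following is an added illustration of that bug class and its standard fix, not lftp's code. It models a fixed stack buffer filled from a server-controlled string (the version banners quoted above are used as constructed sample input, alongside an invented long one) and shows the bounded snprintf() form, which reports truncation instead of overflowing; the buffer size, function names and the "server: " prefix are assumptions chosen for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Demo buffer size, deliberately small; not a value taken from lftp. */
#define LINE_MAX_LEN 48

/*
 * The pattern that __sprintf_chk aborts on looks like this (shown only as
 * a comment so nothing here ever executes it):
 *
 *     char line[LINE_MAX_LEN];
 *     sprintf(line, "server: %s", banner);   // length of banner unchecked
 *
 * With _FORTIFY_SOURCE the compiler routes that call through
 * __sprintf_chk() carrying sizeof(line); if the output would not fit, glibc
 * prints "*** buffer overflow detected ***" and aborts, which is exactly the
 * report's stack: __sprintf_chk -> __vsprintf_chk -> __fortify_fail.
 */

/* Bounded variant. snprintf() never writes more than outsz bytes (including
 * the NUL) and returns the length the full output would have had, so the
 * caller can detect truncation. Returns 1 if the whole line fit, 0 if it was
 * truncated or an encoding error occurred. */
int format_server_line(char *out, size_t outsz, const char *banner)
{
    int needed = snprintf(out, outsz, "server: %s", banner);
    if (needed < 0) {
        out[0] = '\0';
        return 0;
    }
    return (size_t)needed < outsz;
}

/* Convenience wrapper for the demo: does this banner fit the fixed buffer? */
int banner_fits(const char *banner)
{
    char line[LINE_MAX_LEN];
    return format_server_line(line, sizeof line, banner);
}

int main(void)
{
    /* Constructed sample input: the first two banners are the server
     * identifiers quoted in the report, the third is an invented long
     * string to exercise the truncation path. */
    const char *banners[] = {
        "SSH-2.0-WS_FTP-SSH_6.1.1",
        "SSH-2.0-VShell_3_0_4_656 VShell",
        "SSH-2.0-SomeVeryLongServerIdentificationStringThatExceedsTheBuffer",
    };
    for (size_t i = 0; i < sizeof banners / sizeof banners[0]; i++) {
        char line[LINE_MAX_LEN];
        int ok = format_server_line(line, sizeof line, banners[i]);
        printf("%-6s %s\n", ok ? "fit" : "TRUNC", line);
    }
    return 0;
}
```

The point for a bug like the one reported is the third case: with sprintf() the same input would abort the whole client (or, built without _FORTIFY_SOURCE, silently smash the stack), whereas the bounded version keeps the client running and gives the caller a return value it can act on, for example by rejecting or logging an over-long banner.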
