Package: proftpd-basic
Version: 1.3.5-1.1+deb8u1
We are experiencing what looks like a memory leak in proftpd-basic, debian
jessie ( 8.4 ) Stable with kernel 3.16.0-4-686-pae #1 SMP Debian
3.16.7-ckt25-2 (2016-04-08) i686 GNU/Linux
Description :
With RMemoryLimit set to 64Mb, single file large transfers (
tested with 15gb single file ) fail.
Proftpd forked process increases it`s memory footprint until it
reaches 64Mb, when it is killed and the transfer fails.
This problem appeared after enabling tlsv1.2 ( TLSProtocol TLSv1
TLSv1.1 TLSv1.2) Might be a coincidence. But, as the systems are
productive, reverting to tlsv1.0 only for a test is not viable at the
moment.
Test case :
2 x Vmware virtual machines, configured with : 4x Vcpu / 12Gb ram,
Debian 8.4 up-to-date. Identical config files ( attached at the end of
this e-mail as plain text )
Relevant packages : proftpd-basic-1.3.5-1.1+deb8u1;
proftpd-doc-1.3.5-1.1+deb8u1; proftpd-mod-ldap-1.3.5-1.1+deb8u1;
proftpd-mod-mysql-1.3.5-1.1+deb8u1; proftpd-mod-pgsql-1.3.5-1.1+deb8u1
TEST ->
dd if=/dev/zero of=test15GB.tar.gz bs=15M count=1024
ftp1:~# while sleep 1; do ps aux | grep test15GB.tar.gz | grep -v grep;
done
dbput 5539 6.0 0.0 24048 10820 ? SL 11:30 0:00 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.0 0.0 24048 11084 ? RL 11:30 0:00 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 19.0 0.0 24048 11348 ? SL 11:30 0:00 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 19.7 0.0 24048 11348 ? SL 11:30 0:00 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 20.0 0.0 24180 11612 ? SL 11:30 0:01 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 20.3 0.0 24312 11612 ? SL 11:30 0:01 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 20.2 0.0 24312 11876 ? RL 11:30 0:01 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 19.2 0.0 24444 11876 ? SL 11:30 0:01 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 19.1 0.0 24444 11876 ? SL 11:30 0:01 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 19.4 0.0 24576 11876 ? SL 11:30 0:01 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 19.0 0.0 24708 12140 ? SL 11:30 0:02 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 18.8 0.0 24708 12140 ? SL 11:30 0:02 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 18.7 0.0 24840 12140 ? SL 11:30 0:02 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 18.7 0.0 24972 12404 ? SL 11:30 0:02 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 18.5 0.0 24972 12404 ? SL 11:30 0:02 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 18.5 0.0 25104 12404 ? RL 11:30 0:02 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 18.1 0.1 25104 12668 ? SL 11:30 0:03 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 17.8 0.1 25236 12668 ? SL 11:30 0:03 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 17.6 0.1 25236 12668 ? RL 11:30 0:03 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 17.5 0.1 25368 12668 ? SL 11:30 0:03 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 17.2 0.1 25368 12668 ? SL 11:30 0:03 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 17.2 0.1 25368 12932 ? SL 11:30 0:03 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
********* TRUNCATED *********
dbput 5539 16.3 0.4 70116 57548 ? SL 11:30 1:57 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.3 0.4 70248 57548 ? SL 11:30 1:58 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.3 0.4 70248 57812 ? RL 11:30 1:58 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.4 0.4 70380 57812 ? SL 11:30 1:58 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.4 0.4 70512 57812 ? SL 11:30 1:58 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.3 0.4 70512 57812 ? SL 11:30 1:58 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.3 0.4 70512 57812 ? SL 11:30 1:58 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.3 0.4 70512 58076 ? SL 11:30 1:59 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.3 0.4 70644 58076 ? RL 11:30 1:59 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.3 0.4 70776 58076 ? SL 11:30 1:59 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.3 0.4 70776 58076 ? SL 11:30 1:59 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.4 0.4 70908 58340 ? SL 11:30 1:59 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.4 0.4 71040 58340 ? SL 11:30 2:00 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
dbput 5539 16.4 0.4 71040 58340 ? RL 11:30 2:00 proftpd:
dbput - 9.155.92.33: STOR test15GB.tar.gz
Configuration File : ( truncated : dns names, ip`s and usernames with ***
) ( RMemoryLimit was removed as the systems are productive )
cat proftpd.conf | grep -v "^#"
Include /etc/proftpd/modules.conf
ServerIdent on "***"
MultilineRFC2228 on
DisplayConnect "/etc/banner"
ServerType standalone
DefaultServer on
Port 21
PassivePorts 65024 65535
AllowForeignAddress off
Umask 027
IdentLookups off
UseReverseDNS off
UseIPv6 off
TimeoutIdle 1800
TimeoutStalled 600
TimeoutNoTransfer 1800
MaxInstances 250
User nobody
Group nogroup
DefaultRoot /home/ftp/.to pla
DefaultRoot ~ !dbput
AllowOverwrite off
MaxStoreFileSize *
DeleteAbortedStores on
LogFormat transfer "proftpd\[%P\]: Transfer %a %L %m %b %T %s A=%A F=%F
U=%U"
LogFormat commands "proftpd\[%P\]: Command %r %s"
<Global>
ExtendedLog /var/log/proftpd-log.fifo READ,WRITE transfer
ExtendedLog /var/log/proftpd-log.fifo ALL commands
DelayEngine off
</Global>
<Directory /home/dcmusr>
Umask 0007
</Directory>
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd-log.fifo
TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSRequired off
TLSRenegotiate required off
TLSOptions NoSessionReuseRequired
TLSRSACertificateFile /etc/proftpd/keys/ftp.***.com.pem
TLSRSACertificateKeyFile /etc/proftpd/keys/ftp.***.com.key
TLSCACertificateFile /etc/proftpd/keys/geotrust.chain.pem
TLSCipherSuite "AES256-SHA:DES-CBC3-SHA:AES128-SHA"
TLSVerifyClient off
TLSOptions NoCertRequest
</IfModule>
AuthPAM on
<Limit SITE_CHMOD>
DenyAll
</Limit>
<Limit LOGIN >
Order Allow,Deny
AllowUser ***USR***
AllowUser ***USR***
Allow from ***IP***
Allow from ***IP***
Allow from ***IP***
Allow from ***IP***
Allow from ***IP***
Allow from ***IP***
Allow from ***IP***
DenyAll
</Limit>
<Limit PORT PASV >
AllowAll
</Limit>
<Directory /home/ftp >
<Limit SIZE >
AllowAll
</Limit>
</Directory >
include /etc/proftpd/proftpd_anonymous.conf
<VirtualHost ***IP***>
ServerIdent on "FTP***"
User nobody
Group nogroup
MaxClients 10
PassivePorts 65024 65535
AllowForeignAddress on
IdentLookups off
DefaultRoot ~ , !staff
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd-log.fifo
TLSRequired on
TLSRenegotiate required off
TLSOptions NoSessionReuseRequired
TLSRSACertificateFile
/etc/proftpd/keys/ftps/ftps***com.crt.pem
TLSRSACertificateKeyFile
/etc/proftpd/keys/ftps/ftps***.com.key.pem
TLSCACertificateFile
/etc/proftpd/keys/ftps/ftps.geotrust.chain.pem
TLSCipherSuite "AES256-SHA:DES-CBC3-SHA:AES128-SHA"
TLSVerifyClient off
</IfModule>
<Limit SITE_CHMOD>
DenyAll
</Limit>
<Limit LOGIN >
Order Allow,Deny
AllowUser ***USR***
AllowUser ***USR***
DenyAll
</Limit>
</VirtualHost>
<VirtualHost ***IP*** >
ServerIdent on "FTP server ftp.***.com ready"
DisplayConnect "/etc/banner"
User ftp
Group nogroup
DefaultRoot ~ !dbput
IdentLookups off
PassivePorts 65024 65535
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd-log.fifo
TLSRequired off
TLSRenegotiate required off
TLSOptions NoSessionReuseRequired
TLSRSACertificateFile /etc/proftpd/keys/ftp.***.com.pem
TLSRSACertificateKeyFile /etc/proftpd/keys/ftp.***.com.key
TLSCACertificateFile /etc/proftpd/keys/geotrust.chain.pem
TLSCipherSuite "AES256-SHA:DES-CBC3-SHA:AES128-SHA"
TLSVerifyClient off
</IfModule>
AllowOverwrite off
MaxStoreFileSize *
DeleteAbortedStores on
<Limit SITE_CHMOD>
DenyAll
</Limit>
<Limit LOGIN >
Order Allow,Deny
Allow from ***IP*** # This must be configured ....
Allow from ***IP*** # This must be configured ....
DenyAll
</Limit>
MasqueradeAddress ***IP***
AllowForeignAddress off
include /etc/proftpd/proftpd_anonymous.conf
</VirtualHost>
<VirtualHost ***IP***>
ServerIdent on "FTP server *** ready"
DisplayConnect "/etc/banner.secure"
User ftp
Group nogroup
DefaultRoot ~
IdentLookups off
PassivePorts 65024 65535
AllowOverwrite off
MaxStoreFileSize *
DeleteAbortedStores on
<Limit SITE_CHMOD>
DenyAll
</Limit>
<Limit LOGIN >
Order Allow,Deny
Allow from ***IP*** # This must be configured ....
Allow from ***IP*** # This must be configured ....
DenyAll
</Limit>
AllowForeignAddress off
include /etc/proftpd/proftpd_secure_dir.conf
</VirtualHost>
Exceptand situatiile in care partile au convenit in alt mod: / Unless
stated otherwise above:
IBM România S.R.L.
Bucharest Business Park, Corp A2, Şos. Bucureşti-Ploieşti Nr. 1A, 013681
Bucureşti 1, ROMANIA
CIF RO378660, RC J/40/5106/1991
Cap.Soc. 41.670 Lei
