forwarded 762516 http://bugs.proftpd.org/show_bug.cgi?id=3788
stop
On 23.09.14 Frédéric Magnard (magn...@iap.fr) wrote:

Hi Frédéric,

> Subject: proftpd-basic: segfault in TLS mode with certificate when strlen on NULL string
> Package: proftpd-basic
> Version: 1.3.4a-5+deb7u1
> Severity: important
> Tags: upstream patch
>

I /think/ I found that bug already reported in upstream. The upstream bug is
already closed, but I guess this is an error. I left some comments in the bug
in the hope it will be re-opened. Using that old bug as forwarding address for
now.

Hilmar

> I use proftpd with TLS configuration like:
>
> # TLS
> <IfModule mod_tls.c>
> TLSEngine on
> TLSLog /home/debian/test/proftpd/logs/proftpd_tls.log ALL
> TLSProtocol SSLv23
> # TLSProtocol TLSv1
> # reject protection of the data channel
> TLSRequired !data
> TLSOptions AllowDotLogin
> # Server's certificate
> TLSRSACertificateFile /etc/ssl/certs/proftpd.cert.pem
> TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.key.pem
> # Authenticate clients that want to use FTP over TLS?
> TLSVerifyClient off
> # Change renegotiations so that they are not required, only requested
> TLSRenegotiate required off
> </IfModule>
>
> And then try to connect to it using certificates with a command like:
> curl -v --ftp-create-dirs -k --ftp-ssl-control -u debian:null -E ~/.ssl/ftps.cat.pem ftp://server//home/debian/toto
>
> proftpd then segfaults on line 269 of modules/mod_auth.c:
> passwd_len = strlen(cmd->arg);
>
> cmd->arg is NULL in this configuration, and strlen segfaults.
>
> To solve the bug, this line can be replaced by:
> passwd_len = (cmd->arg == NULL) ? 0 : strlen(cmd->arg);

-- 
sigmentation fault