Package: openbsd-inetd
Version: 0.20160825-3
Severity: important
I'm running tftpd between a laptop and an NFS-booted embedded board
connected by eth0. When I power the board and try to transfer
files to it, tftpd will crash, generating core files. Here is the
backtrace from one:
--------
$ gdb /usr/sbin/in.tftpd
core.in\\x2etftpd.65534.6974d7bdcfe9410bb772d64ecf41605a.1790.1549765038000000
Reading symbols from /usr/sbin/in.tftpd...(no debugging symbols found)...done.
[New LWP 1790]
Core was generated by `in.tftpd /srv/tftp'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=0x6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007f2cefaf1535 in __GI_abort () at abort.c:79
#2 0x00007f2cefb48778 in __libc_message (action=<optimized out>,
fmt=fmt@entry=0x7f2cefc5307b "*** %s ***: %s terminated\n")
at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007f2cefbd9b3d in __GI___fortify_fail_abort
(need_backtrace=need_backtrace@entry=0x1,
msg=msg@entry=0x7f2cefc52ff8 "buffer overflow detected") at
fortify_fail.c:28
#4 0x00007f2cefbd9b71 in __GI___fortify_fail (
msg=msg@entry=0x7f2cefc52ff8 "buffer overflow detected") at
fortify_fail.c:44
#5 0x00007f2cefbd7c70 in __GI___chk_fail () at chk_fail.c:28
#6 0x00007f2cefbd7082 in __strcpy_chk (dest=0x564f2a4b4724
"ftpboot/nitrogen.dtb",
src=0x564f2a4b20f8 "Access violation", destlen=0x0) at strcpy_chk.c:30
#7 0x0000564f2a4b094f in ?? ()
#8 0x0000564f2a4b07a2 in ?? ()
#9 0x00007f2cefaf309b in __libc_start_main (main=0x564f2a4b0320, argc=0x2,
argv=0x7ffc2216ec78,
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
stack_end=0x7ffc2216ec68) at ../csu/libc-start.c:308
#10 0x0000564f2a4b07fa in ?? ()
---------
The file /tftpboot/nitrogen.dtb is the one I'd like to transfer, but
for some reason, the string without the leading "/t" appears in the
backtrace. Here are the lines in /etc/inetd.conf that I modified:
-----
# /etc/inetd.conf: see inetd(8) for further informations.
#:BOOT: TFTP service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers."
172.17.0.5:tftp dgram udp wait nobody /usr/sbin/tcpd in.tftpd
/tftpboot
#192.168.42.67:tftp dgram udp wait nobody /usr/sbin/tcpd
in.tftpd /tftpboot
tftp dgram udp wait nobody /usr/sbin/tcpd
/usr/sbin/in.tftpd /srv/tftp
#:RPC: RPC based services
---
You can see that I should have changed /srv/tftp to /tftpboot. When
I do so, tftpd stops crashing. Nonetheless, it would be better for
it to print an error and exit ENOENT than to dump core.
Thanks for your hard work,
Alison Chaiken
ali...@she-devel.com
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.12 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages openbsd-inetd depends on:
ii libbsd0 0.9.1-1
ii libc6 2.28-6
ii libevent-2.1-6 2.1.8-stable-4
ii libsystemd0 240-5
ii libwrap0 7.6.q-27
ii lsb-base 10.2018112800
ii tcpd 7.6.q-27
ii update-inetd 4.49
openbsd-inetd recommends no packages.
openbsd-inetd suggests no packages.
-- no debconf information
