Bug#762516: proftpd-basic: segfault in TLS mode with certificate when strlen on NULL string

Hilmar Preusse hille42 at web.de
Thu Sep 1 13:38:44 UTC 2016


forwarded 762516 http://bugs.proftpd.org/show_bug.cgi?id=3788
stop

On 23.09.14 Frédéric Magnard (magnard at iap.fr) wrote:

Hi Frédéric,

> Subject: proftpd-basic: segfault in TLS mode with certificate when strlen on NULL string
> Package: proftpd-basic
> Version: 1.3.4a-5+deb7u1
> Severity: important
> Tags: upstream patch
> 
> 
I /think/ I found that bug already reported in upstream. The upstream
bug is already closed, but I guess this is an error. I left some
comments in the bug in the hope it will be re-opened.

Using that old bug as forwarding address for now.

Hilmar

> I use proftpd with TLS configuration like:
> 
> # TLS
> <IfModule mod_tls.c>
>  TLSEngine on
>  TLSLog /home/debian/test/proftpd/logs/proftpd_tls.log ALL
>  TLSProtocol SSLv23
> #  TLSProtocol TLSv1
>  # reject protection of the data channel
>  TLSRequired !data
>  TLSOptions AllowDotLogin
>  # Server's certificate
>  TLSRSACertificateFile /etc/ssl/certs/proftpd.cert.pem
>  TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.key.pem
>  # Authenticate clients that want to use FTP over TLS?
>  TLSVerifyClient off
>  # Change renegotiations so that they are not required, only requested
>  TLSRenegotiate required off
> </IfModule>
> 
> And then try to connect to it using certificates with a command like:
> curl -v --ftp-create-dirs -k --ftp-ssl-control -u debian:null -E ~/.ssl/ftps.cat.pem ftp://server//home/debian/toto
> 
> proftpd then segfaults on line 269 of modules/mod_auth.c:
> passwd_len = strlen(cmd->arg);
> 
> cmd->arg is NULL in this configuration, and strlen segfaults.
> 
> To solve the bug, this line can be replaced by:
> passwd_len = (cmd->arg == NULL) ? 0 : strlen(cmd->arg);

-- 
sigmentation fault
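
The guard proposed in the report, shown as an added example that is not part of the original message and is not ProFTPD's code. The struct `cmd_sketch` and the functions `arg_len` and `scrub_password` are hypothetical names, and the wipe step is an assumed use of the length chosen for illustration; the page itself only shows the `strlen(cmd->arg)` line.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the server's command record: arg is the text
 * after the verb and may be NULL when no argument was parsed. */
struct cmd_sketch {
    const char *verb;
    char *arg;
};

/* Length of the argument, treating a missing argument as empty.
 * Same guard as the one-line fix proposed in the report. */
static size_t arg_len(const struct cmd_sketch *cmd)
{
    if (cmd == NULL || cmd->arg == NULL)
        return 0;
    return strlen(cmd->arg);
}

/* Assumed use of the length: wipe the password bytes after handling.
 * volatile keeps the compiler from dropping the stores. Returns the
 * number of bytes cleared; a NULL argument is a no-op, not a crash. */
static size_t scrub_password(struct cmd_sketch *cmd)
{
    size_t n = arg_len(cmd);
    volatile char *p = (n > 0) ? cmd->arg : NULL;
    for (size_t i = 0; i < n; i++)
        p[i] = '\0';
    return n;
}

int main(void)
{
    char secret[] = "constructed-pass";      /* constructed sample input */
    struct cmd_sketch with_arg = { "PASS", secret };
    struct cmd_sketch no_arg   = { "PASS", NULL };

    size_t a = scrub_password(&with_arg);    /* whole string cleared */
    size_t b = scrub_password(&no_arg);      /* 0, no NULL dereference */
    return (a == sizeof(secret) - 1 && b == 0 && secret[0] == '\0') ? 0 : 1;
}
```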