Bug#1090813: downloading a file contains the contents of another file

Yann Petrick y.petrick at gmail.com
Thu Dec 19 15:34:21 GMT 2024


Package: proftpd-core
Version: 1.3.7a+dfsg-12+deb11u3
Tags: patch
Source: proftpd-dfsg

Description of the incorrect behavior:
The PassivePorts directive can cause proftpd to swap data streams across
clients when the server is in passive mode (see
https://github.com/proftpd/proftpd/issues/1826). The cause of the issue
seems to be that proftpd uses the same PassivePort with the socket option
SO_REUSEPORT for multiple clients in parallel.

Related proftpd issues:
- https://github.com/proftpd/proftpd/issues/1171 (main issue)
- https://github.com/proftpd/proftpd/issues/1191
- https://github.com/proftpd/proftpd/issues/1826

The issue was fixed in the proftpd codebase with commit 5ac622f and merged
into version 1.3.8rc1 (commit 3411200). There is also a backport for
version 1.3.7b (commit 57ae0b5) and a fix for the backport (commit a7db0fa).

Debian oldstable proftpd-dfsg is using proftpd 1.3.7a source, and I am
still able to reproduce the issue with the latest proftpd-core release.

Suggested fix:
The commits 57ae0b5 and a7db0fa from the proftpd source, which fix the
issue, should be patched into proftpd-dfsg.

