NetBSD Problem Report #38589
From martin@duskware.de Mon May 5 19:41:13 2008
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id EFD1D63B293
for <gnats-bugs@gnats.netbsd.org>; Mon, 5 May 2008 19:41:12 +0000 (UTC)
Message-Id: <20080505185901.4ACB363B293@narn.NetBSD.org>
Date: Mon, 5 May 2008 18:59:01 +0000 (UTC)
From: bruce@cran.org.uk
Reply-To: bruce@cran.org.uk
To: netbsd-bugs-owner@NetBSD.org
Subject: Piping editline commands to ftp causes it to segfault
X-Send-Pr-Version: www-1.0
>Number: 38589
>Category: bin
>Synopsis: Piping editline commands to ftp causes it to segfault
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: lukem
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon May 05 19:45:00 +0000 2008
>Closed-Date: Mon May 05 22:55:13 +0000 2008
>Last-Modified: Fri Oct 31 18:50:03 +0000 2014
>Originator: Bruce Cran
>Release: 4.0
>Organization:
>Environment:
NetBSD 4.0 NetBSD 4.0 (GENERIC) #0: Sun Dec 16 00:20:10 PST 2007 builds@wb34:/home/builds/ab/netbsd-4-0-RELEASE/i386/200712160005Z-obj/home/builds/ab/netbsd-4-0-RELEASE/src/sys/arch/i386/compile/GENERIC i386
>Description:
ftp only expects to be given editline commands through an interactive terminal. It segfaults if one is piped in e.g
echo bind | ftp
The problem occurs because editline is only intialized if an interactive
tty is being used. Otherwise, the controlediting function in util.c
skips all the intializing calls. However, later on cmdscanner is called
which attempts to run el_parse on unknown commands. 'el' is NULL and
causes a segfault when it's dereferenced in the map_bind function in the editline library.
>How-To-Repeat:
echo bind | ftp
>Fix:
Only call el_parse if 'editing' is 1 or if 'el' isn't NULL?
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: bin-bug-people->lukem
Responsible-Changed-By: lukem@NetBSD.org
Responsible-Changed-When: Mon, 05 May 2008 22:43:15 +0000
Responsible-Changed-Why:
my fault, my responsibility
State-Changed-From-To: open->closed
State-Changed-By: lukem@NetBSD.org
State-Changed-When: Mon, 05 May 2008 22:55:13 +0000
State-Changed-Why:
Fixed in ftp 20080505 (use 'ftp about:version' to obtain the version).
Thanks for the bug report!
From: Luke Mewburn <lukem@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/38589 CVS commit: src/usr.bin/ftp
Date: Mon, 5 May 2008 22:54:11 +0000 (UTC)
Module Name: src
Committed By: lukem
Date: Mon May 5 22:54:11 UTC 2008
Modified Files:
src/usr.bin/ftp: main.c version.h
Log Message:
Only attempt to el_parse() a command unknown by the default parser
if editing is enabled.
Fixes PR bin/38589
To generate a diff of this commit:
cvs rdiff -r1.107 -r1.108 src/usr.bin/ftp/main.c
cvs rdiff -r1.74 -r1.75 src/usr.bin/ftp/version.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Luke Mewburn <lukem@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/38589 CVS commit: othersrc/usr.bin/tnftp/src
Date: Wed, 20 May 2009 12:15:25 +0000
Module Name: othersrc
Committed By: lukem
Date: Wed May 20 12:15:25 UTC 2009
Update of /cvsroot/othersrc/usr.bin/tnftp/src
In directory ivanova.netbsd.org:/tmp/cvs-serv15241
Log Message:
Import NetBSD usr.bin/ftp from 20090520:
* Only attempt to el_parse() a command unknown by the default parser
if editing is enabled.
Fixes PR 38589.
* Turn off the alarmtimer before resetting the SIGALRM handler back to SIG_DFL.
Fixes PR 35630.
* Add epsv6 and epsv to disable extended passive mode for ipv6 or both ipv4
and ipv6 respectively. This hack is due to our friends a Juniper Networks
who break epsv in ipv6. Should be fixed in ScreenOS 6.2.X.
* Improve parsing of chunked transfer chunks per RFC2616:
- more stringent chunk-size parsing
- ignore optional trailing ';chunk-ext' stuff, instead of barfing
- detect EOF before final \r\n.
* Use the service name to getaddrinfo() (along with the host name), so that
features such as DNS Service Discovery have a better chance of working.
Display the service name in various status & error messages.
* Don't getservbyname() the :port component of a URL; RFC 3986 says it's
just an unsigned number, not a service name.
* Fix numerous WARNS=4 issues (-Wcast-qual -Wsign-compare).
* Fix -Wshadow issues
* Update copyrights
* Remove clause 3 and 4 from TNF licenses
* Rename HAVE_STRUCT_SOCKADDR_SA_LEN to HAVE_STRUCT_SOCKADDR_IN_SIN_LEN
to accurately reflect the structure member being used.
* Use AF_INET instead of AF_UNSPEC as the default family if !defined(INET6).
Status:
Vendor Tag: NetBSD
Release Tags: NetBSD-20090520
U othersrc/usr.bin/tnftp/src/Makefile
C othersrc/usr.bin/tnftp/src/cmds.c
C othersrc/usr.bin/tnftp/src/cmdtab.c
C othersrc/usr.bin/tnftp/src/complete.c
C othersrc/usr.bin/tnftp/src/domacro.c
C othersrc/usr.bin/tnftp/src/extern.h
C othersrc/usr.bin/tnftp/src/fetch.c
C othersrc/usr.bin/tnftp/src/ftp.1
C othersrc/usr.bin/tnftp/src/ftp.c
C othersrc/usr.bin/tnftp/src/ftp_var.h
C othersrc/usr.bin/tnftp/src/main.c
C othersrc/usr.bin/tnftp/src/progressbar.c
C othersrc/usr.bin/tnftp/src/progressbar.h
U othersrc/usr.bin/tnftp/src/ruserpass.c
C othersrc/usr.bin/tnftp/src/util.c
C othersrc/usr.bin/tnftp/src/version.h
14 conflicts created by this import.
Use the following command to help the merge:
cvs checkout -jNetBSD:yesterday -jNetBSD othersrc/usr.bin/tnftp/src
From: "S.P.Zeidler" <spz@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/38589 CVS commit: pkgsrc/net/tnftp/files
Date: Fri, 31 Oct 2014 18:47:26 +0000
Module Name: pkgsrc
Committed By: spz
Date: Fri Oct 31 18:47:26 UTC 2014
Update of /cvsroot/pkgsrc/net/tnftp/files
In directory ivanova.netbsd.org:/tmp/cvs-serv2789
Log Message:
Fri Oct 31 04:07:38 UTC 2014 lukem
* Release as "tnftp 20141031".
* Merge NetBSD usr.bin/ftp from 20130220 to 20141026:
- Don't pay attention to special characters if they don't
come from the command line (from jmcneill).
Fixes CVE-2014-8517.
- pr/34796: Hauke Fath: ftp does not timeout on http fetches.
Sun May 5 13:51:47 UTC 2013 lukem
* Release as "tnftp 20130505"
* Implement --enable-ssl (and --with-openssl) to enable
https:// fetch support.
* Merge NetBSD ftp from 20090520 to 20130220. Changes:
- https:// support.
NetBSD problem report 47276 from NONAKA Kimihiro.
- Allow -R to restart non-existent ftp:// URIs.
- Don't assume AF_INET support is available.
FreeBSD problem report 162661.
- Parse HTTP 'Date' entries in the `C' locale rather than the
user's.
NetBSD problem report 42917 from KAMADA Ken'ichi.
- Improve error handling when parsing of URI scheme.
- Silence connection warnings to multi-homed hosts in
non-verbose mode.
- Fix compile warnings.
- In ftpvis(), prevent incomplete escape sequences at end of
dst, and ensure NUL-termination of dst.
Fix from Uwe Stuehler and Stefan Sperling, via Marc Balmer.
- When using the response to SYST to decide whether to
default to 'binary' be a lot less specific.
* Replace glob with newer copy from NetBSD that does not suffer
from DoS exhaustion attacks.
Fix in NetBSD from Maksymilian Arciemowicz. See CVE-2011-0418
Tue Jan 12 06:58:15 UTC 2010 lukem
* Release as "tnftp 20100108"
* Rename onoff() argument "bool" to "val".
Tue Jan 5 09:12:01 UTC 2010 lukem
* If ARG_MAX isn't defined, use the result from sysconf(_SC_ARG_MAX).
Fixes build when using newer glibc.
* Add libnetbsd.la to the LIBADD for libedit.
Fix provided by Adam Sampson.
Mon Jan 4 06:28:07 UTC 2010 lukem
* Distribute various files not shipped by default automake rules,
to use 'make dist' instead of 'cvs export'.
Wed Dec 30 00:12:47 UTC 2009 lukem
* Release as "tnftp 20091122"
Sun Nov 15 10:14:44 UTC 2009 lukem
* Merge NetBSD ftp from 20090520 to 20090915. Change:
- Rename internal getline() to get_line() to avoid
conflict with libc with former.
- Avoid a NULL dereference in an error message.
Sat Nov 14 09:21:19 UTC 2009 lukem
* Convert to automake & libtool.
Sat Jun 6 07:17:38 UTC 2009 lukem
* Release as "tnftp 20090606"
Fri May 22 01:11:15 UTC 2009 lukem
* configure fixes:
- Add the time.h headers to accheck_includes, for the strptime check.
- Remove the check for el_init in libedit; we're always replacing
the library and the presence of strvis() in some versions
confuses other checks.
Wed May 20 13:47:43 UTC 2009 lukem
* Release as "tnftp 20090520"
* Merge NetBSD ftp from 20070722 to 20090520. Changes:
- Only attempt to el_parse() a command unknown by the default
parser if editing is enabled.
Fixes pr 38589.
- Turn off the alarmtimer before resetting the SIGALRM handler
back to SIG_DFL.
Fixes pr 35630.
- Add epsv6 and epsv to disable extended passive mode for ipv6 or
both ipv4 and ipv6 respectively. This hack is due to our
friends a Juniper Networks who break epsv in ipv6.
Should be fixed in ScreenOS 6.2.X.
- Improve parsing of chunked transfer chunks per RFC2616:
- more stringent chunk-size parsing
- ignore optional trailing ';chunk-ext' stuff, instead of barfing
- detect EOF before final \r\n.
- Use the service name to getaddrinfo() (along with the host
name), so that features such as DNS Service Discovery have a
better chance of working.
Display the service name in various status & error messages.
- Don't getservbyname() the :port component of a URL; RFC 3986
says it's just an unsigned number, not a service name.
- Fix numerous WARNS=4 issues (-Wcast-qual -Wsign-compare).
- Fix -Wshadow issues
- Update copyrights
- Remove clause 3 and 4 from TNF licenses
- Rename HAVE_STRUCT_SOCKADDR_SA_LEN to
HAVE_STRUCT_SOCKADDR_IN_SIN_LEN to accurately reflect the
structure member being used.
- Use AF_INET instead of AF_UNSPEC as the default family if
!defined(INET6).
* configure improvements:
- Style tweaks.
- Use AC_LANG_PROGRAM() instead of AC_LANG_SOURCE()
- Add a check for strptime() requiring separators between
conversions, and use our replacement one if it does.
Sat Dec 20 15:28:24 UTC 2008 lukem
* configure improvements:
- Move IPv6 check from tnftp.h to configure.ac (as per tnftpd).
- Rework option descriptions.
- Highlight when tests are for a specific option.
- Move configuration results to the end of the file.
- Display $prefix in configure results.
Fri Aug 15 03:03:36 UTC 2008 lukem
* Add a "Configuration results" display at the end of configure.
Cosmetic tweaks.
Fri Feb 29 09:45:56 UTC 2008 lukem
* Support @EXEEXT@ for Cygwin (etc).
Status:
Vendor Tag: tnftp
Release Tags: tnftp-20141031
C pkgsrc/net/tnftp/files/ChangeLog
N pkgsrc/net/tnftp/files/Makefile.am
C pkgsrc/net/tnftp/files/todo
U pkgsrc/net/tnftp/files/README
C pkgsrc/net/tnftp/files/tnftp.h
C pkgsrc/net/tnftp/files/aclocal.m4
U pkgsrc/net/tnftp/files/INSTALL
C pkgsrc/net/tnftp/files/THANKS
U pkgsrc/net/tnftp/files/NEWS
N pkgsrc/net/tnftp/files/tnftp_config.h.in
C pkgsrc/net/tnftp/files/Makefile.in
C pkgsrc/net/tnftp/files/configure
C pkgsrc/net/tnftp/files/COPYING
C pkgsrc/net/tnftp/files/configure.ac
N pkgsrc/net/tnftp/files/buildaux/lt~obsolete.m4
N pkgsrc/net/tnftp/files/buildaux/config.guess
N pkgsrc/net/tnftp/files/buildaux/ltmain.sh
N pkgsrc/net/tnftp/files/buildaux/install-sh
N pkgsrc/net/tnftp/files/buildaux/ax_check_openssl.m4
N pkgsrc/net/tnftp/files/buildaux/ltoptions.m4
N pkgsrc/net/tnftp/files/buildaux/ltversion.m4
N pkgsrc/net/tnftp/files/buildaux/ltsugar.m4
N pkgsrc/net/tnftp/files/buildaux/missing
N pkgsrc/net/tnftp/files/buildaux/depcomp
N pkgsrc/net/tnftp/files/buildaux/config.sub
N pkgsrc/net/tnftp/files/buildaux/libtool.m4
C pkgsrc/net/tnftp/files/src/progressbar.c
N pkgsrc/net/tnftp/files/src/Makefile.am
C pkgsrc/net/tnftp/files/src/extern.h
C pkgsrc/net/tnftp/files/src/util.c
C pkgsrc/net/tnftp/files/src/domacro.c
C pkgsrc/net/tnftp/files/src/ftp.c
U pkgsrc/net/tnftp/files/src/ruserpass.c
C pkgsrc/net/tnftp/files/src/version.h
N pkgsrc/net/tnftp/files/src/ssl.c
C pkgsrc/net/tnftp/files/src/fetch.c
C pkgsrc/net/tnftp/files/src/progressbar.h
N pkgsrc/net/tnftp/files/src/ssl.h
C pkgsrc/net/tnftp/files/src/Makefile.in
C pkgsrc/net/tnftp/files/src/cmds.c
C pkgsrc/net/tnftp/files/src/ftp_var.h
C pkgsrc/net/tnftp/files/src/ftp.1
C pkgsrc/net/tnftp/files/src/cmdtab.c
C pkgsrc/net/tnftp/files/src/complete.c
C pkgsrc/net/tnftp/files/src/main.c
U pkgsrc/net/tnftp/files/libnetbsd/getnameinfo.c
U pkgsrc/net/tnftp/files/libnetbsd/strerror.c
N pkgsrc/net/tnftp/files/libnetbsd/Makefile.am
U pkgsrc/net/tnftp/files/libnetbsd/fseeko.c
U pkgsrc/net/tnftp/files/libnetbsd/inet_ntop.c
U pkgsrc/net/tnftp/files/libnetbsd/strlcpy.c
U pkgsrc/net/tnftp/files/libnetbsd/timegm.c
U pkgsrc/net/tnftp/files/libnetbsd/inet_pton.c
C pkgsrc/net/tnftp/files/libnetbsd/strvis.c
U pkgsrc/net/tnftp/files/libnetbsd/strdup.c
U pkgsrc/net/tnftp/files/libnetbsd/strunvis.c
U pkgsrc/net/tnftp/files/libnetbsd/snprintf.c
U pkgsrc/net/tnftp/files/libnetbsd/err.c
C pkgsrc/net/tnftp/files/libnetbsd/strptime.c
C pkgsrc/net/tnftp/files/libnetbsd/utimes.c
U pkgsrc/net/tnftp/files/libnetbsd/getaddrinfo.c
C pkgsrc/net/tnftp/files/libnetbsd/sl_init.c
U pkgsrc/net/tnftp/files/libnetbsd/ftpvis.h
C pkgsrc/net/tnftp/files/libnetbsd/setprogname.c
C pkgsrc/net/tnftp/files/libnetbsd/glob.c
C pkgsrc/net/tnftp/files/libnetbsd/dirname.c
U pkgsrc/net/tnftp/files/libnetbsd/mkstemp.c
U pkgsrc/net/tnftp/files/libnetbsd/strtoll.c
C pkgsrc/net/tnftp/files/libnetbsd/ftpglob.h
U pkgsrc/net/tnftp/files/libnetbsd/strlcat.c
C pkgsrc/net/tnftp/files/libnetbsd/usleep.c
C pkgsrc/net/tnftp/files/libnetbsd/Makefile.in
U pkgsrc/net/tnftp/files/libnetbsd/strsep.c
C pkgsrc/net/tnftp/files/libnetbsd/fgetln.c
C pkgsrc/net/tnftp/files/libedit/filecomplete.h
N pkgsrc/net/tnftp/files/libedit/Makefile.am
U pkgsrc/net/tnftp/files/libedit/hist.h
U pkgsrc/net/tnftp/files/libedit/refresh.c
U pkgsrc/net/tnftp/files/libedit/chared.c
U pkgsrc/net/tnftp/files/libedit/hist.c
U pkgsrc/net/tnftp/files/libedit/tokenizer.c
U pkgsrc/net/tnftp/files/libedit/sys.h
U pkgsrc/net/tnftp/files/libedit/el.c
U pkgsrc/net/tnftp/files/libedit/prompt.h
U pkgsrc/net/tnftp/files/libedit/makelist.in
U pkgsrc/net/tnftp/files/libedit/search.h
U pkgsrc/net/tnftp/files/libedit/key.h
U pkgsrc/net/tnftp/files/libedit/sig.c
U pkgsrc/net/tnftp/files/libedit/search.c
U pkgsrc/net/tnftp/files/libedit/term.c
U pkgsrc/net/tnftp/files/libedit/term.h
U pkgsrc/net/tnftp/files/libedit/editrc.5
U pkgsrc/net/tnftp/files/libedit/chared.h
C pkgsrc/net/tnftp/files/libedit/filecomplete.c
U pkgsrc/net/tnftp/files/libedit/key.c
C pkgsrc/net/tnftp/files/libedit/readline.c
U pkgsrc/net/tnftp/files/libedit/sig.h
C pkgsrc/net/tnftp/files/libedit/Makefile.in
U pkgsrc/net/tnftp/files/libedit/parse.c
U pkgsrc/net/tnftp/files/libedit/common.c
U pkgsrc/net/tnftp/files/libedit/parse.h
U pkgsrc/net/tnftp/files/libedit/prompt.c
U pkgsrc/net/tnftp/files/libedit/emacs.c
U pkgsrc/net/tnftp/files/libedit/el.h
U pkgsrc/net/tnftp/files/libedit/history.c
U pkgsrc/net/tnftp/files/libedit/tty.h
U pkgsrc/net/tnftp/files/libedit/map.h
U pkgsrc/net/tnftp/files/libedit/refresh.h
U pkgsrc/net/tnftp/files/libedit/vi.c
U pkgsrc/net/tnftp/files/libedit/map.c
U pkgsrc/net/tnftp/files/libedit/editline.3
U pkgsrc/net/tnftp/files/libedit/tty.c
U pkgsrc/net/tnftp/files/libedit/histedit.h
C pkgsrc/net/tnftp/files/libedit/read.h
U pkgsrc/net/tnftp/files/libedit/read.c
C pkgsrc/net/tnftp/files/libedit/readline/readline.h
41 conflicts created by this import.
Use the following command to help the merge:
cvs checkout -jtnftp:yesterday -jtnftp pkgsrc/net/tnftp/files
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home