[bug-inetutils] Re: Bug#212612: Buffer overflow in ftp

[Robert Millan]

>From Debian BTS:

On Wed, Sep 24, 2003 at 08:49:28PM +0200, Beno?t Sibaud wrote:
> Package: inetutils-ftp
> Version: 1.4.2+20030703-7
> 
> Test on an uptodate x86 Sid.
> 
> $ ftp
> ftp> mput
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> Segmentation fault
> 
> 444 a => "Not connected"
> 445 a => "?Ambiguous command"
> 446 a => "?Invalid command"
> 447 a => Segmentation fault
> 
> With /usr/bin/ftp:
> 
> (gdb) backtrace
> #0  0x08051970 in ?? ()
> #1  0x40042caa in add_history () from /lib/libreadline.so.4
> #2  0x08051831 in ?? ()
> #3  0x61616161 in ?? ()
> #4  0x08066078 in ?? ()
> #5  0xbffff9b8 in ?? ()
> #6  0x08051818 in ?? ()
> 
> With the compiled unstripped version:
> 
> #0  0x08052040 in getcmd (name=0x61616161 <Address 0x61616161 out of
> #bounds>)
>     at
> /home/ruffy/inetutils-1.4.2+20030703/build-tree/inetutils-20030703/ftp/mai
> n.c:391
> 391       for (c = cmdtab; (p = c->c_name); c++)
> (gdb) backtrace
> #0  0x08052040 in getcmd (name=0x61616161 <Address 0x61616161 out of
> #bounds>)
>     at
> /home/ruffy/inetutils-1.4.2+20030703/build-tree/inetutils-20030703/ftp/mai
> n.c:391
> #1  0x08051ee7 in cmdscanner (top=1) at
> #/home/ruffy/inetutils-1.4.2+20030703/build-tree/inetutils-20030703/ftp/ma
> #in.c:355 2  0x08051ced in main (argc=1, argv=0xbffff958) at
> #/home/ruffy/inetutils-1.4.2+20030703/build-tree/inetutils-20030703/ftp/ma
> #in.c:233
> 
> Build-depends
> ii  cdbs                            0.4.8                           common
> build system for Debian packages
> ii  debhelper                       4.1.74                          helper
> programs for debian/rules
> ii  libreadline4-dev                4.3-5                           GNU
> readline and history libraries, development files
> ii  libpam0g-dev                    0.76-14                        
> Development files for PAM
> ii  libopie-dev                     2.32-8.1                        OPIE
> library development files.
> Depends
> ii  libc6                           2.3.2-8                         GNU C
> Library: Shared libraries and Timezone data
> ii  libncurses5                     5.3.20030719-2                  Shared
> libraries for terminal handling
> ii  libreadline4                    4.3-5                           GNU
> readline and history libraries, run-time libraries
> ii  zlib1g                          1.1.4-15                       
> compression library - runtime
> 
> -- 
> Beno?t Sibaud
> 
> 

-- 
Robert Millan

"[..] but the delight and pride of Aule is in the deed of making, and in the
thing made, and neither in possession nor in his own mastery; wherefore he
gives and hoards not, and is free from care, passing ever on to some new work."

 -- J.R.R.T, Ainulindale (Silmarillion)