[Bug 462749] Re: vsftpd-2.2.0 (currently in karmic) is affected by pasv_address regression

Andreas Olsson andreas at arrakis.se
Wed Mar 10 20:34:54 GMT 2010 

I would like to submit a Karmic SRU for this bug. While there might be a
relatively small number of users who uses the non default configuration
"pasv_address" this regression practically makes vsftpd impossible to
use.

This regression has been fixed upstream and has made its way in Lucid.
The patch I'm applying in this Karmic SRU is a minimal backport made by
Chuck Short , and tested from his PPA.

TEST CASE:
1) Add a "pasv_address" option to /etc/vsftpd.conf, for example "pasv_address=192.168.1.44".
2) restart vsftpd
3) Initiate a passive ftp connection and begin a datatransfer
  andreas at stilgar:~$ ftp -p 192.168.1.44
  Connected to 192.168.1.44.
  220 (vsFTPd 2.2.0)
  Name (192.168.1.44:andreas): anonymous
  331 Please specify the password.
  Password:
  230 Login successful.
  Remote system type is UNIX.
  Using binary mode to transfer files.
  ftp> ls
  500 OOPS: priv_sock_get_cmd
  Passive mode refused.
  ftp>

With the fixed applied, and the same configuration applied, it should instead play out like this.
  andreas at stilgar:~$ ftp -p 192.168.1.44
  Connected to 192.168.1.44.
  220 (vsFTPd 2.2.0)
  Name (192.168.1.44:andreas): anonymous
  331 Please specify the password.
  Password:
  230 Login successful.
  Remote system type is UNIX.
  Using binary mode to transfer files.
  ftp> ls
  227 Entering Passive Mode (192,168,1,44,171,68).
  150 Here comes the directory listing.
  226 Directory send OK.
  ftp>  

I have a hard time imagining how users could get inadvertently affected
by this SRU. It seems more than unlikely that someone would actively
depend on a configuration where a segfault is the desired result.
Regarding the regression potential, it should be minimal, as this is a
minimal patch applied in an area of the code which should only be called
in those conditions when this bug otherwise would be in effect anyway.

Attaching a debdiff against karmic-proposed

** Attachment added: "vsftpd_2.2.0-1ubuntu2.debdiff"
   http://launchpadlibrarian.net/40718894/vsftpd_2.2.0-1ubuntu2.debdiff

-- 
vsftpd-2.2.0 (currently in karmic) is affected by pasv_address regression
https://bugs.launchpad.net/bugs/462749
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in ubuntu.

More information about the Ubuntu-server-bugs mailing list