giampaolo / pyftpdlib

Extremely fast and scalable Python FTP server library

pyftpdlib 1.5.6 remote crash bug on windows #575

Open dazhouzhou opened 2 years ago

dazhouzhou commented 2 years ago

I used LaiFu to fuzz pyftpdlib on Windows 10 and I found a remote crash bug. The details are as follows:

```python
import socket

host = "127.0.0.1"
port = 2121

pkt1 = bytes.fromhex("555345522066757a7a65720d0a")
pkt2 = bytes.fromhex("50415353200d0a0d0a0d0a0d0a0d0a0d0a0d0a0d0a0d0a0d0a0d0a0d0a0d0a0d0a0d0a0d0a0d0a")

if __name__ == "__main__":
    # python -m pyftpdlib -u fuzzer -P passwd --debug
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((host, port))
    sock.recv(1024)   # read the banner
    sock.send(pkt1)
    sock.recv(10000)
    sock.send(pkt2)
    sock.recv(10000)
    sock.close()
```
- crash log

```
[I 2022-04-12 09:48:49] concurrency model: async
[I 2022-04-12 09:48:49] masquerade (NAT) address: None
[I 2022-04-12 09:48:49] passive ports: None
[D 2022-04-12 09:48:49] poller: 'pyftpdlib.ioloop.Select'
[D 2022-04-12 09:48:49] authorizer: 'pyftpdlib.authorizers.DummyAuthorizer'
[D 2022-04-12 09:48:49] handler: 'pyftpdlib.handlers.type'
[D 2022-04-12 09:48:49] max connections: 512
[D 2022-04-12 09:48:49] max connections per ip: unlimited
[D 2022-04-12 09:48:49] timeout: 300
[D 2022-04-12 09:48:49] banner: 'pyftpdlib 1.5.6 ready.'
[D 2022-04-12 09:48:49] max login attempts: 3
[I 2022-04-12 09:48:49] >>> starting FTP server on 0.0.0.0:2121, pid=11208 <<<
[I 2022-04-12 09:48:51] 127.0.0.1:63793-[] FTP session opened (connect)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 220 pyftpdlib 1.5.6 ready.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <- USER fuzzer
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 331 Username ok, send password.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[fuzzer] <- PASS **
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: send(), err: [WinError 10053] 你的主机中的软件中止了一个已建立的连接。 (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] [debug] call: close() (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] [debug] call: unregister(); fd was no longer in socket_map (<pyftpdlib.ioloop.Select (fds=1, tasks=2) at 0x27d52002110>)
[I 2022-04-12 09:48:51] 127.0.0.1:63793-[] FTP session closed (disconnect).
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <-
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:55] [debug] closing IOLoop (<pyftpdlib.ioloop.Select (fds=2, tasks=1) at 0x27d52002110>)
[D 2022-04-12 09:48:55] [debug] call: close() (<FTPHandler(id=2737270377008, addr='127.0.0.1:63793')>)
Traceback (most recent call last):
  File "C:\Users\xzz\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Users\xzz\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "C:\Users\xzz\AppData\Local\Programs\Python\Python310\lib\site-packages\pyftpdlib\__main__.py", line 122, in <module>
    main()
  File "C:\Users\xzz\AppData\Local\Programs\Python\Python310\lib\site-packages\pyftpdlib\__main__.py", line 116, in main
    ftpd.serve_forever(timeout=2 if os.name == 'nt' else None)
  File "C:\Users\xzz\AppData\Local\Programs\Python\Python310\lib\site-packages\pyftpdlib\servers.py", line 245, in serve_forever
    self.ioloop.loop(timeout, blocking)
  File "C:\Users\xzz\AppData\Local\Programs\Python\Python310\lib\site-packages\pyftpdlib\ioloop.py", line 343, in loop
    poll(timeout)
  File "C:\Users\xzz\AppData\Local\Programs\Python\Python310\lib\site-packages\pyftpdlib\ioloop.py", line 446, in poll
    r, w, e = select.select(self._r, self._w, [], timeout)
OSError: [WinError 10038] 在一个非套接字上尝试了一个操作。
```
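Added example, not part of the issue thread or of pyftpdlib: a log check for the pattern visible in the crash log above, where the handler keeps writing replies to a peer after "FTP session closed" was logged. The sample lines are constructed in the log format shown in the issue; `scan` and `min_after_close` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample in the debug-log format shown in this issue (not the original log).
SAMPLE_LOG = """\
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] <- USER fuzzer
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 331 Username ok, send password.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[I 2022-04-12 09:48:51] 127.0.0.1:63793-[] FTP session closed (disconnect).
[D 2022-04-12 09:48:51] [debug] call: initiate_send(); called with no connection (<FTPHandler(id=1, addr='127.0.0.1:63793')>)
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 127.0.0.1:63793-[] -> 500 Command "" not understood.
[D 2022-04-12 09:48:51] 10.0.0.5:40000-[] -> 500 Command "" not understood.
"""

SESSION = re.compile(r"^\[[DIWE] [^\]]+\] (?P<peer>[^\s\]]+:\d+)-\[[^\]]*\] (?P<msg>.*)$")
NO_CONN = re.compile(r"initiate_send\(\); called with no connection .*addr='(?P<peer>[^']+)'")
EMPTY_REPLY = '-> 500 Command "" not understood.'


def scan(log_text, min_after_close=2):
    """Flag peers whose handler kept writing replies after the session closed."""
    closed, empty, after_close, no_conn = set(), Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = NO_CONN.search(line)
        if m:  # handler tried to send on a socket that is already gone
            no_conn[m["peer"]] += 1
            continue
        m = SESSION.match(line)
        if not m:  # startup lines, tracebacks, other debug output
            continue
        peer, msg = m["peer"], m["msg"].strip()
        if msg.startswith("FTP session closed"):
            closed.add(peer)
        elif msg.startswith("-> "):
            empty[peer] += msg == EMPTY_REPLY      # replies to empty command lines
            after_close[peer] += peer in closed    # replies written after the close
    return [
        {"peer": p, "empty_commands": empty[p],
         "replies_after_close": after_close[p],
         "sends_without_connection": no_conn[p]}
        for p in sorted(closed) if after_close[p] >= min_after_close
    ]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```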

nrathaus commented 7 months ago

While an error does print out, the process itself doesn't seem to crash or fault (at least on Linux):

```
[E 2024-02-19 09:27:52] unhandled exception in instance <FTPHandler(id=140292931745584, addr='192.168.8.1:35598')>
    Traceback (most recent call last):
      File "/home/x/src/x/venv/lib/python3.10/site-packages/pyftpdlib/ioloop.py", line 232, in call
        self._target(*self._args, **self._kwargs)
      File "/home/x/src/x/venv/lib/python3.10/site-packages/pyftpdlib/handlers.py", line 2534, in callback
        self.add_channel()
      File "/home/x/src/x/venv/lib/python3.10/site-packages/pyftpdlib/ioloop.py", line 795, in add_channel
        self.ioloop.register(self._fileno, self, events)
      File "/home/x/src/x/venv/lib/python3.10/site-packages/pyftpdlib/ioloop.py", line 495, in register
        self._poller.register(fd, events)
    OSError: [Errno 9] Bad file descriptor
[D 2024-02-19 09:27:52] [debug] call: close() (<FTPHandler(id=140292931745584, addr='192.168.8.1:35598')>)
```

The fault seems to be caused by you closing the connection without completing the command, causing the FTP server side to complain.