Open noelk opened 3 months ago
Hello,
I can reproduce seg faults with CRL files:
$ lftp -v LFTP | Version 4.9.2 | Copyright (c) 1996-2020 Alexander V. Lukyanov ... $ cat ~/.lftp/rc set ssl:crl-file /tmp/GlobalRoot_Class_2.crl
Tested some CRL files and it doesn't look like it depends on the CRL file. This one is just an example: https://corporate-pki.telekom.de/rl/GlobalRoot_Class_2.crl from https://corporate-pki.telekom.de/GlobalRootClass2.html
$ openssl crl -text -in /tmp/GlobalRoot_Class_2.crl -noout Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2 ...
$ LC_ALL=C lftp -d -u "user,password" ftp.giku.de ---- Resolving host address... ---- IPv6 is not supported or configured ---- 1 address found: 62.108.32.121 lftp user@ftp.giku.de:~> ls ---- Connecting to ftp.giku.de (62.108.32.121) port 21 <--- 220 ProFTPD Server (ProFTPD) [62.108.32.121] .... <--- UTF8 <--- 211 End ---> AUTH TLS <--- 234 AUTH TLS successful Speicherzugriffsfehler
another server: $ LC_ALL=C lftp -d -u "user,password" ftp.gwdg.de ---- Resolving host address... ---- IPv6 is not supported or configured ---- 1 address found: 134.76.12.6 lftp user@ftp.gwdg.de:~> ls ---- Connecting to ftp.gwdg.de (134.76.12.6) port 21 <--- 220-Welcome to ftp.gwdg.de <--- 220- <--- 220 ---> FEAT <--- 211-Features: <--- AUTH TLS <--- EPRT <--- EPSV <--- MDTM <--- PASV <--- PBSZ <--- PROT <--- REST STREAM <--- SIZE <--- TVFS <--- UTF8 <--- 211 End ---> AUTH TLS <--- 234 Proceed with negotiation. Speicherzugriffsfehler
removing the only config line in the rc file the seg fault disappears:
$ cat ~/.lftp/rc
$ LC_ALL=C lftp -d -u "user,password" ftp.gwdg.de ---- Resolving host address... ---- IPv6 is not supported or configured ---- 1 address found: 134.76.12.6 lftp user@ftp.gwdg.de:~> ls ---- Connecting to ftp.gwdg.de (134.76.12.6) port 21 <--- 220-Welcome to ftp.gwdg.de <--- 220- <--- 220 ---> FEAT <--- 211-Features: <--- AUTH TLS <--- EPRT <--- EPSV <--- MDTM <--- PASV <--- PBSZ <--- PROT <--- REST STREAM <--- SIZE <--- TVFS <--- UTF8 <--- 211 End ---> AUTH TLS <--- 234 Proceed with negotiation. Loaded 147 CAs Loaded 0 CRLs ---> OPTS UTF8 ON <--- 200 Always in UTF8 mode. initialized translation from ANSI_X3.4-1968 to UTF-8 initialized translation from UTF-8 to ANSI_X3.4-1968//TRANSLIT ---> USER user <--- 530 This FTP server is anonymous only. ---> QUIT ls: Login failed: 530 This FTP server is anonymous only. gnutls_record_recv: The TLS connection was non-properly terminated. Assuming EOF. <--- 221 Goodbye. ---- Closing control socket
Without the -u and without ssl:crl-file there is no segmentation fault.
Thank you for lftp.
Hello,
I can reproduce seg faults with CRL files:
$ lftp -v LFTP | Version 4.9.2 | Copyright (c) 1996-2020 Alexander V. Lukyanov ... $ cat ~/.lftp/rc set ssl:crl-file /tmp/GlobalRoot_Class_2.crl
Tested some CRL files and it doesn't look like it depends on the CRL file. This one is just an example: https://corporate-pki.telekom.de/rl/GlobalRoot_Class_2.crl from https://corporate-pki.telekom.de/GlobalRootClass2.html
$ openssl crl -text -in /tmp/GlobalRoot_Class_2.crl -noout Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2 ...
$ LC_ALL=C lftp -d -u "user,password" ftp.giku.de ---- Resolving host address... ---- IPv6 is not supported or configured ---- 1 address found: 62.108.32.121 lftp user@ftp.giku.de:~> ls ---- Connecting to ftp.giku.de (62.108.32.121) port 21 <--- 220 ProFTPD Server (ProFTPD) [62.108.32.121] .... <--- UTF8 <--- 211 End ---> AUTH TLS <--- 234 AUTH TLS successful
Speicherzugriffsfehler
another server: $ LC_ALL=C lftp -d -u "user,password" ftp.gwdg.de ---- Resolving host address... ---- IPv6 is not supported or configured ---- 1 address found: 134.76.12.6 lftp user@ftp.gwdg.de:~> ls ---- Connecting to ftp.gwdg.de (134.76.12.6) port 21 <--- 220-Welcome to ftp.gwdg.de <--- 220- <--- 220 ---> FEAT <--- 211-Features:
<--- AUTH TLS <--- EPRT <--- EPSV <--- MDTM <--- PASV <--- PBSZ <--- PROT <--- REST STREAM <--- SIZE <--- TVFS <--- UTF8 <--- 211 End ---> AUTH TLS <--- 234 Proceed with negotiation. Speicherzugriffsfehler
removing the only config line in the rc file the seg fault disappears:
$ cat ~/.lftp/rc
set ssl:crl-file /tmp/GlobalRoot_Class_2.crl
$ LC_ALL=C lftp -d -u "user,password" ftp.gwdg.de ---- Resolving host address... ---- IPv6 is not supported or configured ---- 1 address found: 134.76.12.6 lftp user@ftp.gwdg.de:~> ls ---- Connecting to ftp.gwdg.de (134.76.12.6) port 21 <--- 220-Welcome to ftp.gwdg.de
<--- 220- <--- 220 ---> FEAT <--- 211-Features:
<--- AUTH TLS <--- EPRT <--- EPSV <--- MDTM <--- PASV <--- PBSZ <--- PROT <--- REST STREAM <--- SIZE <--- TVFS <--- UTF8
<--- 211 End ---> AUTH TLS <--- 234 Proceed with negotiation. Loaded 147 CAs Loaded 0 CRLs ---> OPTS UTF8 ON <--- 200 Always in UTF8 mode. initialized translation from ANSI_X3.4-1968 to UTF-8 initialized translation from UTF-8 to ANSI_X3.4-1968//TRANSLIT ---> USER user <--- 530 This FTP server is anonymous only. ---> QUIT ls: Login failed: 530 This FTP server is anonymous only. gnutls_record_recv: The TLS connection was non-properly terminated. Assuming EOF. <--- 221 Goodbye. ---- Closing control socket
Without the -u and without ssl:crl-file there is no segmentation fault.
Thank you for lftp.