curl-users

[ curl-Bugs-611811 ] segfault of curl when ftp'ing

From: <noreply_at_sourceforge.net>
Date: Thu, 19 Sep 2002 13:45:25 -0700

Bugs item #611811, was opened at 2002-09-19 13:45
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=611811&group_id=976

Category: ftp
Group: crash
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Daniel Stenberg (bagder)
Summary: segfault of curl when ftp'ing

Initial Comment:
I am running curl on a DEC Alpha machine. Vital stats:

OSF1 cow.physics.wisc.edu V4.0 878 alpha
curl 7.9.8 (alpha-dec-osf4.0d) libcurl 7.9.8 (OpenSSL 0.9.6c)
gcc version 2.7.2.1

When using curl to retrieve a file or directory listing by FTP, I receive
a segfault error. Here is the command and its verbose output:

[135]> curl -v ftp://legacy.gsfc.nasa.gov/README
* About to connect() to legacy.gsfc.nasa.gov:21
* Connected to legacy.gsfc.nasa.gov (128.183.240.23) port 21
> USER anonymous
> PASS curl_by_daniel_at_haxx.se
* We have successfully logged in
> PWD
* Entry path is '/'
> EPSV
> PASV
Segmentation fault

And here is the stack trace:

(gdb) run -v ftp://legacy.gsfc.nasa.gov/
Starting program: /usr/local/bin/curl -v ftp://legacy.gsfc.nasa.gov/
* About to connect() to legacy.gsfc.nasa.gov:21
...
#0 0x3ff814862a0 in strncpy ()
#1 0x3ffbff48a94 in MakeIP (num=5369061376, addr=0x140018894 "128.183.240.23", addr_len=-116) at hostip.c:474
#2 0x3ffbff48c30 in Curl_getaddrinfo (data=0x14002e000, hostname=0x11fffe5e8 "128.183.240.23", port=-116, bufp=0x11fffe530) at hostip.c:544
#3 0x3ffbff48948 in Curl_resolv (data=0x14002e000, hostname=0x11fffe5e8 "128.183.240.23", port=36140) at hostip.c:256
#4 0x3ffbff50660 in ftp_use_pasv (conn=0x140044000) at ftp.c:1473
#5 0x3ffbff509c0 in ftp_perform (conn=0x140044000) at ftp.c:1618
#6 0x3ffbff51448 in Curl_ftp (conn=0x140044000) at ftp.c:2065
#7 0x3ffbff55924 in Curl_do (connp=0x11fffe7c0) at url.c:2532
#8 0x3ffbff5fe20 in Curl_perform (data=0x14002e000) at transfer.c:1172
#9 0x3ffbff6073c in curl_easy_perform (curl=0x140056000) at easy.c:245
#10 0x120006430 in operate (config=0x11fffeb00, argc=1073930240, argv=0x140018270) at main.c:2649
#11 0x1200067b4 in main (argc=3, argv=0x11fffed08) at main.c:2755

The following patch to lib/hostip.c seems to do the trick. The buffer
"buf" was allocated as a pointer to long, but then treated as a char
pointer.

--- hostip.c~ Tue Jun 11 10:10:38 2002
+++ hostip.c Thu Sep 19 15:42:34 2002
@@ -526,7 +526,7 @@
 
   if ( (in=inet_addr(hostname)) != INADDR_NONE ) {
     struct in_addr *addrentry;
- long *buf = (long *)malloc(sizeof(struct
hostent)+128);
+ char *buf = (long *)malloc(sizeof(struct
hostent)+128);
     if(!buf)
       return NULL; /* major failure */
     *bufp = (char *)buf;
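
Review bot: the added line declares `char *buf` but still casts the malloc() result to `(long *)`, so the initializer assigns a `long *` to a `char *`, which is an incompatible pointer type and draws a compiler diagnostic. Drop the cast or make it `(char *)` so the declaration and the allocation agree. With `buf` now a `char *`, the `(char *)` cast in `*bufp = (char *)buf;` is no longer needed. Both the removed and the added line are also wrapped after `sizeof(struct` in the mail, so the hunk will not apply as posted; resend it as an attachment or with line wrapping turned off.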

----------------------------------------------------------------------

Received on 2002-09-19
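
An added example, not part of the original report and not curl's own code: it shows why the pointer type matters when one allocation of `sizeof(struct hostent)+128` bytes is carved up by pointer arithmetic, and builds the entry with byte-based offsets and a bounds check. The buffer layout, the step `buf + sizeof(struct hostent)`, and the names `first_offset_fits`, `hostent_from_ip`, `NAME_ROOM` and `FIXED_PART` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200112L
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_ROOM 128 /* the "+128" in the malloc() from the report */
/* Assumed layout: [struct hostent][char *list[2]][struct in_addr][name] */
#define FIXED_PART (2 * sizeof(char *) + sizeof(struct in_addr))

/* "buf + sizeof(struct hostent)" advances elem_size bytes per step:
   1 for char *, sizeof(long) for long *. Does the fixed part still fit? */
static int first_offset_fits(size_t elem_size)
{
  size_t start = elem_size * sizeof(struct hostent);
  return start + FIXED_PART <= sizeof(struct hostent) + NAME_ROOM;
}

/* Build a one-address hostent for a dotted quad inside a single allocation.
   Returns NULL on bad input, lack of room or allocation failure. */
static struct hostent *hostent_from_ip(const char *ip)
{
  struct in_addr in;
  size_t total = sizeof(struct hostent) + NAME_ROOM;
  size_t name_off = sizeof(struct hostent) + FIXED_PART;
  char *buf; /* char *, so every "+ n" below advances n bytes */
  struct hostent *h;
  if(inet_pton(AF_INET, ip, &in) != 1 || name_off + strlen(ip) + 1 > total)
    return NULL;
  buf = calloc(1, total); /* zeroed: h_aliases and h_addr_list[1] stay NULL */
  if(!buf)
    return NULL;
  h = (struct hostent *)buf;
  h->h_addr_list = (char **)(buf + sizeof(*h));
  h->h_addr_list[0] = buf + sizeof(*h) + 2 * sizeof(char *);
  memcpy(h->h_addr_list[0], &in, sizeof(in));
  h->h_addrtype = AF_INET;
  h->h_length = (int)sizeof(in);
  h->h_name = buf + name_off;
  memcpy(h->h_name, ip, strlen(ip) + 1);
  return h; /* one free(h) releases the whole block */
}

int main(void)
{
  struct hostent *h = hostent_from_ip("128.183.240.23"); /* IP from the report */
  printf("long* fits: %d, char* fits: %d, name: %s\n",
         first_offset_fits(sizeof(long)), first_offset_fits(1), h ? h->h_name : "(none)");
  free(h);
  return 0;
}
```

On a platform with 8-byte `long` the first check reports that a `long *` offset lands outside the allocation, while on a 4-byte `long` it can stay inside, so the same source may run without crashing on 32-bit builds.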