debcrafters-packages team mailing list archive

Thread
Date

[Bug 2091440] Re: changing the working directory on z/VM causes buffer overflow

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Frank Heimes <2091440@xxxxxxxxxxxxxxxxxx>
Date: Fri, 29 Aug 2025 07:22:17 -0000
Reply-to: Bug 2091440 <2091440@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Changed in: ubuntu-z-systems
       Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to lftp in Ubuntu.
https://bugs.launchpad.net/bugs/2091440

Title:
  changing the working directory on z/VM causes buffer overflow

Status in lftp:
  Unknown
Status in Ubuntu on IBM z Systems:
  In Progress
Status in lftp package in Ubuntu:
  In Progress
Status in lftp source package in Noble:
  In Progress
Status in lftp source package in Oracular:
  Won't Fix
Status in lftp source package in Plucky:
  In Progress

Bug description:
  [ Impact ]

  lftp: buffer overflow detected when accessing z/VM FTP server and
  changing the working directory with `cd`

  
  [ Test Plan ]

  1. Connect with lftp to z/VM FTP server
  Machine Type = IBM/S390 3906

  lftp -u hartmafk gdlvm7.pok.ibm.com

  2. Validate correct connection:

  ls
  > BOOKM    FILE     V         65          9          1 2016-08-10 04:45:31 HAR191
  > CPFMTXA  EXCORIG  V         63        711          7 2005-10-10 07:52:28 HAR191
  > CPFMTXA  EXEC     V         63        711          7 2005-10-10 07:52:28 HAR191
  > CPFMTXA  MODORIG  V         96          3          1 2005-10-14 09:30:44 HAR191
  > CPFMTXA  MODULE   V         96          3          1 2005-10-14 09:30:44 HAR191
  > CRUISE   LASTCMDS V         88         53          1 2024-12-04 09:28:24 HAR191
  > DDOPTS   OPTIONS  V         58          1          1 2002-12-03 16:26:24 HAR191

  3. Change directory to SFS directory or minidisk:

  cd HARTMAFK.191

  without the fix, observe a crash:
  *** buffer overflow detected ***: terminated
  Aborted

  with the fix, happily be in the new directory.

  
  [ Where problems could occur ]

   * The fix allocates 2 more bytes of memory, so in a constrained
  environment this could exhaust the available space and crash during
  allocation.

  [ Other Info ]

  ---uname output---
  Linux lnxzvmd1 6.11.0-9-generic #9-Ubuntu SMP Mon Oct 14 12:18:15 UTC 2024 s390x s390x s390x GNU/Linux

  
  ---Debugger---
  A debugger is not configured

  Contact Information = frederik.hartmann@xxxxxxxxxx

  Userspace tool common name: lftp

  The userspace tool has the following bit modes: 64

  Userspace rpm: lftp

  Userspace tool obtained from project website:  4.9.2-3ubuntu1

  *Additional Instructions for frederik.hartmann@xxxxxxxxxx:
  -Post a private note with access information to the machine that the bug is occuring on.
  -Attach ltrace and strace of userspace application.

  ===============================================================================
  This issue can only be reproduced when lftp is compiled without debug option.

  I was able to reproduce this issue with a self compiled lftp 4.9.3 on
  s390x with the default build and with a plain ./configure, I was NOT
  able to reproduce this issue with ./configure --with-debug

To manage notifications about this bug go to:
https://bugs.launchpad.net/lftp/+bug/2091440/+subscriptions