debcrafters-packages team mailing list archive
-
debcrafters-packages team
-
Mailing list archive
-
Message #07701
[Bug 2091440] Re: changing the working directory on z/VM causes buffer overflow
This bug was fixed in the package lftp - 4.9.3-1.1ubuntu1
---------------
lftp (4.9.3-1.1ubuntu1) questing; urgency=medium
* Merge with Debian unstable (LP: #2125130). Remaining changes:
- d/rules: Switch to dh to regenerate the configure script
- debian/menu: drop because obsolete (would be installed by dh)
- d/p/cd-zVM-segfault-fix.patch: fix z/VM cd stack corruption
(LP #2091440)
* Drop changes:
- configure.ac: Bump gettext version to 0.21
[included in 4.9.3-1]
lftp (4.9.3-1.1) unstable; urgency=medium
* Non-maintainer upload.
* d/copyright: Correct trio license to be ISC. Closes: Bug#1111710
lftp (4.9.3-1) unstable; urgency=medium
* New upstream version 4.9.3
* removed upstream intragrated patches with lftp 4.9.3
* d/control raised Standards-Version: 4.7.2 - no changes needed
* d/copyright added missing trio/* copyright information. Closes: Bug#996564
lftp (4.9.2-4) unstable; urgency=medium
* debian/control: raised Standards-Version to 4.7.0: no changes needed
* debian/control: added Vcs-Browser
-- Jonas Jelten <jonas.jelten@xxxxxxxxxxxxx> Thu, 18 Sep 2025 18:52:50
+0200
** Changed in: lftp (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to lftp in Ubuntu.
https://bugs.launchpad.net/bugs/2091440
Title:
changing the working directory on z/VM causes buffer overflow
Status in lftp:
Unknown
Status in Ubuntu on IBM z Systems:
In Progress
Status in lftp package in Ubuntu:
Fix Released
Status in lftp source package in Noble:
Fix Committed
Status in lftp source package in Oracular:
Won't Fix
Status in lftp source package in Plucky:
Fix Committed
Bug description:
[ Impact ]
lftp: buffer overflow detected when accessing z/VM FTP server and
changing the working directory with `cd`
[ Test Plan ]
1. Connect with lftp to z/VM FTP server
Machine Type = IBM/S390 3906
lftp -u hartmafk gdlvm7.pok.ibm.com
2. Validate correct connection:
ls
> BOOKM FILE V 65 9 1 2016-08-10 04:45:31 HAR191
> CPFMTXA EXCORIG V 63 711 7 2005-10-10 07:52:28 HAR191
> CPFMTXA EXEC V 63 711 7 2005-10-10 07:52:28 HAR191
> CPFMTXA MODORIG V 96 3 1 2005-10-14 09:30:44 HAR191
> CPFMTXA MODULE V 96 3 1 2005-10-14 09:30:44 HAR191
> CRUISE LASTCMDS V 88 53 1 2024-12-04 09:28:24 HAR191
> DDOPTS OPTIONS V 58 1 1 2002-12-03 16:26:24 HAR191
3. Change directory to SFS directory or minidisk:
cd HARTMAFK.191
without the fix, observe a crash:
*** buffer overflow detected ***: terminated
Aborted
with the fix, happily be in the new directory.
[ Where problems could occur ]
* The fix allocates 2 more bytes of memory, so in a constrained
environment this could exhaust the available space and crash during
allocation.
[ Other Info ]
---uname output---
Linux lnxzvmd1 6.11.0-9-generic #9-Ubuntu SMP Mon Oct 14 12:18:15 UTC 2024 s390x s390x s390x GNU/Linux
---Debugger---
A debugger is not configured
Contact Information = frederik.hartmann@xxxxxxxxxx
Userspace tool common name: lftp
The userspace tool has the following bit modes: 64
Userspace rpm: lftp
Userspace tool obtained from project website: 4.9.2-3ubuntu1
*Additional Instructions for frederik.hartmann@xxxxxxxxxx:
-Post a private note with access information to the machine that the bug is occuring on.
-Attach ltrace and strace of userspace application.
===============================================================================
This issue can only be reproduced when lftp is compiled without debug option.
I was able to reproduce this issue with a self compiled lftp 4.9.3 on
s390x with the default build and with a plain ./configure, I was NOT
able to reproduce this issue with ./configure --with-debug
To manage notifications about this bug go to:
https://bugs.launchpad.net/lftp/+bug/2091440/+subscriptions
