recent posting ftpd (and older version) have a bug
John Buck
john at polyof.UUCP
Fri Dec 2 07:23:45 AEST 1988
Program: ftpd
Sources: etc/ftpd/{glob.c,popen.c}
Symptom: ftpd core dumps (essentially) sometimes, causing a remote error
         of "Service unavailable; server has closed connection"
Problem: If glob() fails (no matches), it winds up freeing (via free())
         an automatic stack array (gargv)
Fix:     Remove the last free() call in blkfree() (i.e. the one that frees
         the pointer to the list)
         Then, you have to fix the call to blkfree() in popen.c to do an
         extra free(argv[argc]) after the blkfree(argv[argc])
History: The comment in glob.c says it all... The code for glob was lifted
         from csh, and seemingly appropriate changes were made. The problem
         was that a call to xfree() was changed to plain old free(). xfree()
         in csh checked to see if the address that was being freed was
         past the end of the data area. If it was, the call was ignored.
         free() does not do this extra, kludgy, checking.
Alternative fix: lift the code for xfree() from csh, and make the necessary,
         kludgy, changes.
John Buck
john at polyof.poly.edu
john at polygraf.bitnet
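
The ownership split behind the fix above, as an added example that is not code from ftpd or from the original post: blkfree() releases only the strings, and a caller whose list is itself heap-allocated adds the extra free(). Only the names blkfree and gargv come from the post; dupstr, counted_free, blkfree_old and the two test cases are hypothetical, and the heap-owning caller is an assumed stand-in for the popen.c call site.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int frees;                         /* free() calls made, for checking */
static void counted_free(void *p) { frees++; free(p); }

static char *dupstr(const char *s)        /* hypothetical helper */
{
    char *p = malloc(strlen(s) + 1);
    if (p == NULL) abort();
    return strcpy(p, s);
}

/* Pre-fix shape from the post: frees the strings, then the list pointer.
 * Correct only if the list itself was obtained from malloc(). */
static void blkfree_old(char **av0)
{
    for (char **av = av0; *av != NULL; av++) counted_free(*av);
    counted_free(av0);
}

/* Post-fix shape: frees the strings only; the list belongs to the caller. */
static void blkfree(char **av0)
{
    for (char **av = av0; *av != NULL; av++) counted_free(*av);
}

/* List is an automatic array, as gargv is in the post: nothing more to free. */
int stack_list_frees(void)
{
    char *gargv[3] = { dupstr("a.c"), dupstr("b.c"), NULL };  /* constructed */
    frees = 0;
    blkfree(gargv);
    return frees;
}

/* List is heap-allocated (assumed caller): the caller adds the extra free(). */
int heap_list_frees(int use_old)
{
    char **list = calloc(3, sizeof *list);
    if (list == NULL) abort();
    list[0] = dupstr("ls"); list[1] = dupstr("-l");           /* constructed */
    frees = 0;
    if (use_old) blkfree_old(list);
    else { blkfree(list); counted_free(list); }
    return frees;
}

int main(void)
{
    printf("stack list: %d frees\n", stack_list_frees());
    printf("heap list: %d (new) %d (old)\n", heap_list_frees(0), heap_list_frees(1));
    return 0;
}
```

blkfree_old is deliberately never called on the automatic array: passing a stack address to free() is undefined behaviour, which is the crash the post reports.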