We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hello,
I can reproduce seg faults with CRL files:
$ lftp -v LFTP | Version 4.9.2 | Copyright (c) 1996-2020 Alexander V. Lukyanov ... $ cat ~/.lftp/rc set ssl:crl-file /tmp/GlobalRoot_Class_2.crl
Tested some CRL files and it doesn't look like it depends on the CRL file. This one is just an example: https://corporate-pki.telekom.de/rl/GlobalRoot_Class_2.crl from https://corporate-pki.telekom.de/GlobalRootClass2.html
$ openssl crl -text -in /tmp/GlobalRoot_Class_2.crl -noout Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2 ...
$ LC_ALL=C lftp -d -u "user,password" ftp.giku.de ---- Resolving host address... ---- IPv6 is not supported or configured ---- 1 address found: 62.108.32.121 lftp [email protected]:~> ls ---- Connecting to ftp.giku.de (62.108.32.121) port 21 <--- 220 ProFTPD Server (ProFTPD) [62.108.32.121] .... <--- UTF8 <--- 211 End ---> AUTH TLS <--- 234 AUTH TLS successful Speicherzugriffsfehler
another server: $ LC_ALL=C lftp -d -u "user,password" ftp.gwdg.de ---- Resolving host address... ---- IPv6 is not supported or configured ---- 1 address found: 134.76.12.6 lftp [email protected]:~> ls ---- Connecting to ftp.gwdg.de (134.76.12.6) port 21 <--- 220-Welcome to ftp.gwdg.de <--- 220- <--- 220 ---> FEAT <--- 211-Features: <--- AUTH TLS <--- EPRT <--- EPSV <--- MDTM <--- PASV <--- PBSZ <--- PROT <--- REST STREAM <--- SIZE <--- TVFS <--- UTF8 <--- 211 End ---> AUTH TLS <--- 234 Proceed with negotiation. Speicherzugriffsfehler
removing the only config line in the rc file the seg fault disappears:
$ cat /.lftp/rc #set ssl:crl-file /tmp/GlobalRoot_Class_2.crl $ LC_ALL=C lftp -d -u "user,password" ftp.gwdg.de ---- Resolving host address... ---- IPv6 is not supported or configured ---- 1 address found: 134.76.12.6 lftp [email protected]:> ls ---- Connecting to ftp.gwdg.de (134.76.12.6) port 21 <--- 220-Welcome to ftp.gwdg.de <--- 220- <--- 220 ---> FEAT <--- 211-Features: <--- AUTH TLS <--- EPRT <--- EPSV <--- MDTM <--- PASV <--- PBSZ <--- PROT <--- REST STREAM <--- SIZE <--- TVFS <--- UTF8 <--- 211 End ---> AUTH TLS <--- 234 Proceed with negotiation. Loaded 147 CAs Loaded 0 CRLs ---> OPTS UTF8 ON <--- 200 Always in UTF8 mode. initialized translation from ANSI_X3.4-1968 to UTF-8 initialized translation from UTF-8 to ANSI_X3.4-1968//TRANSLIT ---> USER user <--- 530 This FTP server is anonymous only. ---> QUIT ls: Login failed: 530 This FTP server is anonymous only. gnutls_record_recv: The TLS connection was non-properly terminated. Assuming EOF. <--- 221 Goodbye. ---- Closing control socket
Without the -u and without ssl:crl-file there is no segmentation fault.
Thank you for lftp.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Hello,
I can reproduce seg faults with CRL files:
$ lftp -v
LFTP | Version 4.9.2 | Copyright (c) 1996-2020 Alexander V. Lukyanov
...
$ cat ~/.lftp/rc
set ssl:crl-file /tmp/GlobalRoot_Class_2.crl
Tested some CRL files and it doesn't look like it depends on the CRL file. This one is just an example:
https://corporate-pki.telekom.de/rl/GlobalRoot_Class_2.crl from https://corporate-pki.telekom.de/GlobalRootClass2.html
$ openssl crl -text -in /tmp/GlobalRoot_Class_2.crl -noout
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
...
$ LC_ALL=C lftp -d -u "user,password" ftp.giku.de
---- Resolving host address...
---- IPv6 is not supported or configured
---- 1 address found: 62.108.32.121
lftp [email protected]:~> ls
---- Connecting to ftp.giku.de (62.108.32.121) port 21
<--- 220 ProFTPD Server (ProFTPD) [62.108.32.121]
....
<--- UTF8
<--- 211 End
---> AUTH TLS
<--- 234 AUTH TLS successful
Speicherzugriffsfehler
another server:
$ LC_ALL=C lftp -d -u "user,password" ftp.gwdg.de
---- Resolving host address...
---- IPv6 is not supported or configured
---- 1 address found: 134.76.12.6
lftp [email protected]:~> ls
---- Connecting to ftp.gwdg.de (134.76.12.6) port 21
<--- 220-Welcome to ftp.gwdg.de
<--- 220-
<--- 220
---> FEAT
<--- 211-Features:
<--- AUTH TLS
<--- EPRT
<--- EPSV
<--- MDTM
<--- PASV
<--- PBSZ
<--- PROT
<--- REST STREAM
<--- SIZE
<--- TVFS
<--- UTF8
<--- 211 End
---> AUTH TLS
<--- 234 Proceed with negotiation.
Speicherzugriffsfehler
removing the only config line in the rc file the seg fault disappears:
$ cat
/.lftp/rc> ls#set ssl:crl-file /tmp/GlobalRoot_Class_2.crl
$ LC_ALL=C lftp -d -u "user,password" ftp.gwdg.de
---- Resolving host address...
---- IPv6 is not supported or configured
---- 1 address found: 134.76.12.6
lftp [email protected]:
---- Connecting to ftp.gwdg.de (134.76.12.6) port 21
<--- 220-Welcome to ftp.gwdg.de
<--- 220-
<--- 220
---> FEAT
<--- 211-Features:
<--- AUTH TLS
<--- EPRT
<--- EPSV
<--- MDTM
<--- PASV
<--- PBSZ
<--- PROT
<--- REST STREAM
<--- SIZE
<--- TVFS
<--- UTF8
<--- 211 End
---> AUTH TLS
<--- 234 Proceed with negotiation.
Loaded 147 CAs
Loaded 0 CRLs
---> OPTS UTF8 ON
<--- 200 Always in UTF8 mode.
initialized translation from ANSI_X3.4-1968 to UTF-8
initialized translation from UTF-8 to ANSI_X3.4-1968//TRANSLIT
---> USER user
<--- 530 This FTP server is anonymous only.
---> QUIT
ls: Login failed: 530 This FTP server is anonymous only.
gnutls_record_recv: The TLS connection was non-properly terminated. Assuming EOF.
<--- 221 Goodbye.
---- Closing control socket
Without the -u and without ssl:crl-file there is no segmentation fault.
Thank you for lftp.
The text was updated successfully, but these errors were encountered: