Bug 153930 - krb5 ftp client segfaults with out of order options in ~/.netrc
Summary: krb5 ftp client segfaults with out of order options in ~/.netrc
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: krb5
Version: 4.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
Depends On:
Reported: 2005-04-05 21:34 UTC by Stephen Gardner
Modified: 2012-06-20 15:53 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-06-20 15:53:22 UTC
Target Upstream Version:

Attachments (Terms of Use)
gdb output of segfault (deleted)
2005-04-05 23:07 UTC, Stephen Gardner

Description Stephen Gardner 2005-04-05 21:34:55 UTC
Description of problem:
When valid authentication options are put into ~/.netrc in the wrong order the
krb5 ftp client segfaults. In comparison the non-krb5 ftp client returns an
error message.

Version-Release number of selected component (if applicable):
RHEL4-AS-U0 (i386, x86_64) with
krb5-workstation-1.3.4-9 and -10

RHEL3-AS-U4 (i386) with

How reproducible:
Always (as root and non-root user)

Steps to Reproduce:
1. create ~/.netrc file containing
password root@
login anonymous

2. /usr/kerberos/bin/ftp
Actual results:
[root@server1 ~]# /usr/kerberos/bin/ftp
Connected to
220 Red Hat FTP server ready. All transfers are logged. (FTP)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Segmentation fault

Expected results:
NOTE: expected results output taken from non-krb5'd ftp client

[root@server1 ~]# /usr/bin/ftp
Connected to (
220 Red Hat FTP server ready. All transfers are logged. (FTP)
Error: `password' must follow `login' in .netrc

Additional info:
Regarding the expected behaviour the GNU inetutils v1.4.2 client (on a non-RHEL
system) re-orders the options (putting login before password) automatically when
parsing ~/.netrc.

Comment 1 Stephen Gardner 2005-04-05 23:07:23 UTC
Created attachment 112739
gdb output of segfault

Comment 2 Stephen Gardner 2005-04-05 23:10:05 UTC
The problem occurs with or without the "login" line present in the ~/.netrc file.

I note that the problem may be in the .netrc parsing code in 
src/appl/gssftp/ruserpass.c  of the krb5 package and that the file hasn't
changed even in the latest RAWHIDE krb5 SRPM and likely still exists.

I've attached (Comment #1) the output from gdb (based on rpmbuild of
krb5-1.3.4-12.src.rpm from

I'm not a programmer and therefore cannot offer a patch but whilst reading
through the code I would also draw your attention to another small section in 
ruserpass.c  which might be classed as a potential security vulnerability

ruserpass.c - line 136

        hdir = getenv("HOME");
        if (hdir == NULL)
                hdir = ".";
        (void) sprintf(buf, "%s/.netrc", hdir);  
        cfile = fopen(buf, "r");

If I read it correctly this will set the directory for the location of .netrc to
be "." if the HOME environment variable doesn't exist (or is set to NULL).
Having any app (especially one that will likely be run by root) include "." as a
fallback directory for a config file (in this case a config file that allows the
declaration of macros which operate on remote servers) might be worth removing
/ modifying.
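
The two concerns raised in this report, keyword order in ~/.netrc and the "." fallback when HOME is unset, can be handled as in the following added example. It is not code from krb5 or from the reporter; netrc_path and netrc_check_order are hypothetical names, and rejecting a relative HOME is an assumed policy.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not code from krb5's ruserpass.c.
 * netrc_path builds "<home>/.netrc" in buf. It returns -1 if home is NULL,
 * not an absolute path, or the result would not fit. No fallback to ".". */
int netrc_path(const char *home, char *buf, size_t buflen)
{
    if (home == NULL || home[0] != '/')
        return -1;
    int n = snprintf(buf, buflen, "%s/.netrc", home);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

/* Next whitespace-delimited token at or after p, or NULL at end of text. */
static const char *next_tok(const char *p, size_t *len)
{
    p += strspn(p, " \t\r\n");
    *len = strcspn(p, " \t\r\n");
    return *len ? p : NULL;
}

/* True when the n-byte token t equals the keyword kw. */
#define IS_KW(t, n, kw) (strlen(kw) == (n) && memcmp((t), (kw), (n)) == 0)

/* Validate keyword/value pairs in a .netrc body (macdef is out of scope).
 * Returns 0 if ok, -1 if `password' precedes `login', -2 on a missing value. */
int netrc_check_order(const char *text)
{
    const char *tok = text, *kw;
    size_t n = 0, kn;
    int have_login = 0;

    while ((kw = tok = next_tok(tok + n, &n)) != NULL) {
        kn = n;
        if (IS_KW(kw, kn, "default")) {
            have_login = 0;          /* new entry; takes no value */
            continue;
        }
        if ((tok = next_tok(tok + n, &n)) == NULL)
            return -2;               /* keyword at end of file, no value */
        if (IS_KW(kw, kn, "machine"))
            have_login = 0;          /* new entry */
        else if (IS_KW(kw, kn, "login"))
            have_login = 1;
        else if (IS_KW(kw, kn, "password") && !have_login)
            return -1;               /* `password' must follow `login' */
    }
    return 0;
}
```

A caller would pass getenv("HOME") to netrc_path and skip .netrc processing on -1, and would report an error and stop on a nonzero result from netrc_check_order.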

Comment 3 Jiri Pallich 2012-06-20 15:53:22 UTC
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.
