[Bug 1560429] Re: squid3: segfault when ftp passive mode is not available

Andreas Hasenack andreas at canonical.com
Fri Jul 7 14:45:03 UTC 2017


** Description changed:

  [Impact]
  
-  * An explanation of the effects of the bug on users and
+ Users who use squid as an FTP proxy and access sites that block ftp PASV
+ mode will trigger a squid segfault. That means a brief service
+ interruption, as upstart/systemd will restart it.
  
-  * justification for backporting the fix to the stable release.
+ Since this is a crash, the backport seems justified. But there is an
+ effective workaround, see below.
  
-  * In addition, it is helpful, but not required, to include an
-    explanation of how the upload fixes this bug.
+ Upstream committed a fix, the same fix we are introducing here, which
+ essentially adds a lot of NULL checks but at the same time disables the
+ fallback ftp command EPRT should passive mode fail. Upstream states that
+ this command doesn't work properly in squid yet.
+ 
+ This is also the recommended workaround: disable EPRT by setting the
+ following in /etc/squid/squid.conf and restarting the service:
+ 
+ ftp_eprt off
+ 
  
  [Test Case]
  
-  * detailed instructions how to reproduce the bug
+  * detailed instructions how to reproduce the bug
  
-  * these should allow someone who is not familiar with the affected
-    package to reproduce the bug and verify that the updated package fixes
-    the problem.
+  * these should allow someone who is not familiar with the affected
+    package to reproduce the bug and verify that the updated package fixes
+    the problem.
  
  [Regression Potential]
  
-  * discussion of how regressions are most likely to manifest as a result
+  * discussion of how regressions are most likely to manifest as a result
  of this change.
  
-  * It is assumed that any SRU candidate patch is well-tested before
-    upload and has a low overall risk of regression, but it's important
-    to make the effort to think about what ''could'' happen in the
-    event of a regression.
+  * It is assumed that any SRU candidate patch is well-tested before
+    upload and has a low overall risk of regression, but it's important
+    to make the effort to think about what ''could'' happen in the
+    event of a regression.
  
-  * This both shows the SRU team that the risks have been considered,
-    and provides guidance to testers in regression-testing the SRU.
+  * This both shows the SRU team that the risks have been considered,
+    and provides guidance to testers in regression-testing the SRU.
  
  [Other Info]
-  
-  * Anything else you think is useful to include
-  * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
-  * and address these questions in advance
+ 
+  * Anything else you think is useful to include
+  * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board
+  * and address these questions in advance
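
Review bot: the [Test Case] and [Regression Potential] sections still contain the SRU template placeholders; the only change to them here is whitespace. Replace "detailed instructions how to reproduce the bug" with concrete steps. The new [Impact] text already names the trigger: using squid as an FTP proxy against a site that blocks PASV. Under [Regression Potential], state what disabling the EPRT fallback means for users whose FTP transfers cannot use passive mode, since the fix changes that behaviour in addition to adding the NULL checks. The [Other Info] bullets are also still template text and can be dropped or filled in.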

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1560429

Title:
   squid3: segfault when ftp passive mode is not available
