
Segmentation Fault on certain SFTP failures

Open vectro opened this issue 4 years ago • 0 comments

I notice an lftp segmentation fault when running the 'find' command on a certain SFTP site. The SFTP server has the unusual characteristic that home = / and the connection user does not have the permission to list /.

I am using lftp 4.9.2; but the relevant code has not changed since that release. This is on CentOS 7.9.

Stack Trace:

#0  GetFileInfo::Do (this=0x64fa30) at GetFileInfo.cc:419
#1  0x00007ffff7921611 in SMTask::ScheduleThis (this=0x64fa30) at SMTask.cc:209
#2  0x00007ffff7921829 in SMTask::Schedule () at SMTask.cc:248
#3  0x00007ffff7bab59d in Job::WaitDone (this=0x61ae90) at Job.cc:557
#4  0x000000000040755b in main (argc=<optimized out>, argv=0x7fffffffe1e8) at lftp.cc:590

Output

Running in debug mode, the last thing before the crash is:

---> sending a packet, length=10, type=16(REALPATH), id=1
<--- got a packet, length=19, type=104(NAME), id=1
---- home set to /
---- checking directory `/'
---> sending a packet, length=14, type=17(STAT), id=2
---> sending a packet, length=15, type=17(STAT), id=3
<--- got a packet, length=37, type=101(STATUS), id=2
---- status code=3(Permission denied), message=Permission denied.
<--- got a packet, length=37, type=101(STATUS), id=3
---- status code=3(Permission denied), message=Permission denied.

Analysis

The stack trace points pretty directly at the problem. lftp attempts to get the zeroth element of an empty vector (get_info), which returns a NULL pointer (fi); which pointer is then dereferenced. I think the problem was introduced in this commit, which removed code that previously checked for an empty container ("get_info.size==NO_SIZE").

vectro avatar Dec 09 '20 21:12 vectro
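The failure described in the issue, as an added example that is not lftp's own code: a constructed model of the empty get_info lookup (InfoArray, StatReply, would_crash and do_checked are assumed names), showing the null pointer the unchecked path would dereference beside a checked version that reports the SFTP status instead of crashing.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Constructed model of the failure, not lftp's code.
// SFTP status code 3 is "permission denied", as in the debug output above.
constexpr int SSH_FX_PERMISSION_DENIED = 3;

struct FileInfo {
    std::string name;
    long long size;
};

// Stand-in for a container whose operator[] yields nullptr when the index is
// out of range, so an empty array returns NULL for element 0 instead of throwing.
struct InfoArray {
    std::vector<FileInfo> items;
    const FileInfo* operator[](std::size_t i) const {
        return i < items.size() ? &items[i] : nullptr;
    }
    std::size_t count() const { return items.size(); }
};

// Reply to one STAT request: a FileInfo on success, or just an SFTP status code.
struct StatReply {
    int status;     // 0 = OK, 3 = permission denied
    FileInfo info;  // valid only when status == 0
};

// Denied STATs contribute nothing, so two denied replies leave get_info empty.
InfoArray collect(const std::vector<StatReply>& replies) {
    InfoArray get_info;
    for (const StatReply& r : replies)
        if (r.status == 0) get_info.items.push_back(r.info);
    return get_info;
}

// The unchecked shape of the crash: fi is null for an empty array, and the
// original code went on to dereference it. Here we only report that fact.
bool would_crash(const InfoArray& get_info) {
    const FileInfo* fi = get_info[0];
    return fi == nullptr;
}

enum class DoResult { Done, Denied, NoInfo };
struct DoOutcome { DoResult result; long long size; std::string error; };

// Checked version: test count() before indexing and surface the SFTP status,
// so a 'find' on an unlistable home directory fails with an error message.
DoOutcome do_checked(const std::vector<StatReply>& replies) {
    InfoArray get_info = collect(replies);
    if (get_info.count() == 0) {
        for (const StatReply& r : replies)
            if (r.status == SSH_FX_PERMISSION_DENIED)
                return {DoResult::Denied, -1, "Permission denied"};
        return {DoResult::NoInfo, -1, "no file info returned"};
    }
    const FileInfo* fi = get_info[0];  // guaranteed non-null here
    return {DoResult::Done, fi->size, ""};
}
```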