[Bug 900304] Re: getfacl: malloc(): memory corruption

Helge 900304 at bugs.launchpad.net
Mon Dec 5 14:50:43 UTC 2011


I forgot to mention that I had setgid enabled on the parent directory
(chmod g+s). Anyway, setting the bit is not required to reproduce the bug.

CORRECTION: This bug also affects systems that use Likewise-Open 6.

Still, it only appears with certain combinations of user and group names.
I am not sure just yet what triggers the error, but these commands trigger the same thing (now, in a directory without setgid):

mkdir testdir
chown :CIVIL\\vhost_arch-civil-aau-dk_full testdir/
setfacl -Rd -m user:phk@civil.aau.dk:rwx -m group:CIVIL\\vhost_arch-civil-aau-dk_full:rwx testdir/
setfacl -Rn -m user:phk@civil.aau.dk:rwx -m group:CIVIL\\vhost_arch-civil-aau-dk_full:rwx testdir/
getfacl testdir/


Now testing on a server with Likewise-Open (using "DOMAIN\\name" format), this is the expected result:
------------
# file: testdir/
# owner: root
# group: CIVIL\134vhost_arch-civil-aau-dk_full
user::rwx
user:CIVIL\134phk:rwx   #effective:r-x
group::r-x
group:CIVIL\134vhost_arch-civil-aau-dk_full:rwx #effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:user:CIVIL\134phk:rwx
default:group::r-x
default:group:CIVIL\134vhost_arch-civil-aau-dk_full:rwx
default:mask::rwx
default:other::r-x
------------

This is the output on terminal (without redirection/piping):
------------
# file: testdir/
# owner: root
# group: CIVIL\134vhost_arch-civil-aau-dk_full
*** glibc detected *** getfacl: corrupted double-linked list: 0x00000000007577e0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x775b6)[0x7f20a74f15b6]
/lib/libc.so.6(+0x7ddbb)[0x7f20a74f7dbb]
/lib/libc.so.6(realloc+0xf0)[0x7f20a74f80b0]
/lib/libacl.so.1(+0x3e46)[0x7f20a7a05e46]
getfacl[0x402a2c]
getfacl[0x4032f4]
getfacl(walk_tree+0x8b)[0x40386b]
getfacl[0x401df5]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f20a7498c4d]
getfacl[0x401859]
Aborted
------------

https://bugs.launchpad.net/bugs/900304

Title:
  getfacl: malloc(): memory corruption

Status in “acl” package in Ubuntu:
  New

Bug description:
  I have found a combination of ACLs that, when set on a file on an
  Active Directory joined (using Centrify Express) Ubuntu 10.04 server,
  will crash the getfacl program upon reading.

  The program crash seems to appear only when user and group names are
  in an "unusual" format, as when using AD integration tools such as
  CentrifyDC Express or Likewise-Open 6.

  Running the test on a separate, non-AD joined host, using regular local users and groups, does not yield errors.
  The error only seems to appear on certain combinations of user and group names.

  Examples of the "unusual" format I talk about:
  -  DOMAIN\\this_is_a_rather_long_name
  -  this_is_a_rather_long_name@domain.tld

  Quite interestingly, the bug does not appear when the output of getfacl
  is piped to another program or redirected to a file.

  === HOW TO REPRODUCE ===
  Since the bug does not appear when using locally valid names, it may be required to install centrifydc express or likewise-open and set up an Active Directory environment for testing... or use something else that produces the "unusual" format in user/group names (perhaps LDAP can be used?).

  mkdir testdir
  touch testdir/testfile
  setfacl -Rd -m user:phk@civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full@civil.aau.dk:rwx testdir/
  setfacl -Rn -m user:phk@civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full@civil.aau.dk:rwx testdir/
  getfacl testdir     # <----- crashes - see: getfacl_testdir_noredirect_crash.log
  getfacl testdir | less     # <----- does not crash - see: getfacl_testdir_redirect_nocrash.log
  getfacl testdir/testfile     # <----- crashes - see: getfacl_testfile_noredirect_crash.log
  getfacl testdir/testfile | less     # <----- does not crash - see: getfacl_testfile_redirect_nocrash.log

  === ATTACHED LOGS ===
  getfacl_testdir_noredirect_crash.log    (copied from the terminal)
  getfacl_testdir_redirect_nocrash.log    (redirected to log file)
  getfacl_testfile_noredirect_crash.log    (copied from the terminal)
  getfacl_testfile_redirect_nocrash.log    (redirected to log file)

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: acl 2.2.49-2
  ProcVersionSignature: Ubuntu 2.6.32-36.79-server 2.6.32.46+drm33.20
  Uname: Linux 2.6.32-36-server x86_64
  Architecture: amd64
  Date: Mon Dec  5 14:43:30 2011
  InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_DK.UTF-8
   SHELL=/bin/bash
  SourcePackage: acl
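
Added example, not part of the original report or of the acl project: a Python triage helper that parses the glibc backtrace frames quoted in the crash output and picks out the first frame outside libc, i.e. the code that called realloc() when glibc detected the corrupted heap. The function names are hypothetical, and the executable is assumed to be non-PIE so that its bracketed addresses can be passed to addr2line directly.

```python
import re

# Frames copied from the "Backtrace" section of the crash output in the report.
BACKTRACE = """\
/lib/libc.so.6(+0x775b6)[0x7f20a74f15b6]
/lib/libc.so.6(+0x7ddbb)[0x7f20a74f7dbb]
/lib/libc.so.6(realloc+0xf0)[0x7f20a74f80b0]
/lib/libacl.so.1(+0x3e46)[0x7f20a7a05e46]
getfacl[0x402a2c]
getfacl[0x4032f4]
getfacl(walk_tree+0x8b)[0x40386b]
getfacl[0x401df5]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f20a7498c4d]
getfacl[0x401859]
"""

# glibc frame: module, optional "(symbol+0xoff)" or "(+0xoff)", then "[0xaddr]".
FRAME_RE = re.compile(
    r"^(?P<module>[^\s(\[]+)"
    r"(?:\((?P<symbol>[^+)]*)(?:\+(?P<offset>0x[0-9a-fA-F]+))?\))?"
    r"\[(?P<addr>0x[0-9a-fA-F]+)\]$")

def parse_frames(text):
    """Return one dict per frame line; lines that are not frames are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append({
                "module": m["module"],
                "symbol": m["symbol"] or None,
                "offset": int(m["offset"], 16) if m["offset"] else None,
                "addr": int(m["addr"], 16)})
    return frames

def first_caller_outside(frames, library="libc.so"):
    """First frame not in `library`: the code that called into the allocator."""
    return next((f for f in frames if library not in f["module"]), None)

def addr2line_cmd(frame):
    """Build an addr2line command, or None when the frame needs a symbol lookup."""
    if frame["symbol"] is None and frame["offset"] is not None:
        target = frame["offset"]      # "(+0xoff)": offset relative to the module
    elif ".so" in frame["module"]:
        return None                   # "symbol+0xoff" in a shared object
    else:
        target = frame["addr"]        # executable; assumes a non-PIE binary
    return f"addr2line -f -e {frame['module']} {target:#x}"
```

The frame this returns is where the corruption was detected; the write that damaged the heap may have happened earlier, so a run under a memory checker with debug symbols installed is the usual next step.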
