[Bug 900304] Re: getfacl: malloc(): memory corruption

Helge 900304 at bugs.launchpad.net
Mon Dec 5 14:59:58 UTC 2011 

** Description changed:

  I have found a combination of ACLs that, when set on a file on an Active
  Directory joined (using Centrify Express) Ubuntu 10.04 server, will
  crash the getfacl program upon reading.
  
- The program crash seems to appear only when user and group names are
- listed in the format "name at domain.tld".
+ The program crash seems to appear only when user and group names are in
+ an "unusual" format, as when using AD integration tools such as
+ CentrifyDC Express or Likewise-Open 6.
  
  Running the test on a separate, non-AD joined host, using regular local user and groups, does not yield errors.
- Running the test on a host joined using Likewise-Open 6 and user/group name format "DOMAIN\\name" does not yield any errors.
+ The error only seems to appear on certain combinations of user and group names.
  
- Thus, I suspect this may caused by the "unusual" names with the "@"
- symbol, e.g. vhost_arch-civil-aau-dk_full at civil.aau.dk.
+ Examples of the "unusual" format I talk about:
+ -  DOMAIN\\this_is_a_rather_long_name
+ -  this_is_a_rather_long_name at domain.tld
  
  Quite interesting, the bug does not appear when the output of getfacl is
  piped to another program or redirected to a file.
  
- 
  === HOW TO REPRODUCE ===
- Since the bug does not appear when using locally valid group names, it may be required to install centrifydc express and set up an Active Directory environment for testing, or use something else that enables the "name at domain" format in user/group names (maybe LDAP?).
+ Since the bug does not appear when using locally valid names, it may be required to install centrifydc express or likewise-open and set up an Active Directory environment for testing... or use something else that produces the "unusual" format in user/group names (perhaps LDAP can be used?).
  
  mkdir testdir
  touch testdir/testfile
  setfacl -Rd -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
  setfacl -Rn -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
  getfacl testdir     # <----- crashes - see: getfacl_testdir_noredirect_crash.log
  getfacl testdir | less     # <----- does not crash - see: getfacl_testdir_redirect_nocrash.log
  getfacl testdir/testfile     # <----- crashes - see: getfacl_testfile_noredirect_crash.log
  getfacl testdir/testfile | less     # <----- does not crash - see: getfacl_testfile_redirect_nocrash.log
- 
  
  === ATTACHED LOGS ===
  getfacl_testdir_noredirect_crash.log    (copied from the terminal)
  getfacl_testdir_redirect_nocrash.log    (redirected to log file)
  getfacl_testfile_noredirect_crash.log    (copied from the terminal)
  getfacl_testfile_redirect_nocrash.log    (redirected to log file)
  
  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: acl 2.2.49-2
  ProcVersionSignature: Ubuntu 2.6.32-36.79-server 2.6.32.46+drm33.20
  Uname: Linux 2.6.32-36-server x86_64
  Architecture: amd64
  Date: Mon Dec  5 14:43:30 2011
  InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
  ProcEnviron:
-  PATH=(custom, no user)
-  LANG=en_DK.UTF-8
-  SHELL=/bin/bash
+  PATH=(custom, no user)
+  LANG=en_DK.UTF-8
+  SHELL=/bin/bash
  SourcePackage: acl

** Description changed:

  I have found a combination of ACLs that, when set on a file on an Active
  Directory joined (using Centrify Express) Ubuntu 10.04 server, will
  crash the getfacl program upon reading.
  
  The program crash seems to appear only when user and group names are in
  an "unusual" format, as when using AD integration tools such as
  CentrifyDC Express or Likewise-Open 6.
  
  Running the test on a separate, non-AD joined host, using regular local user and groups, does not yield errors.
  The error only seems to appear on certain combinations of user and group names.
  
  Examples of the "unusual" format I talk about:
  -  DOMAIN\\this_is_a_rather_long_name
  -  this_is_a_rather_long_name at domain.tld
  
  Quite interesting, the bug does not appear when the output of getfacl is
  piped to another program or redirected to a file.
  
  === HOW TO REPRODUCE ===
  Since the bug does not appear when using locally valid names, it may be required to install centrifydc express or likewise-open and set up an Active Directory environment for testing... or use something else that produces the "unusual" format in user/group names (perhaps LDAP can be used?).
  
  mkdir testdir
  touch testdir/testfile
  setfacl -Rd -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
  setfacl -Rn -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
- getfacl testdir     # <----- crashes - see: getfacl_testdir_noredirect_crash.log
- getfacl testdir | less     # <----- does not crash - see: getfacl_testdir_redirect_nocrash.log
- getfacl testdir/testfile     # <----- crashes - see: getfacl_testfile_noredirect_crash.log
- getfacl testdir/testfile | less     # <----- does not crash - see: getfacl_testfile_redirect_nocrash.log
+ getfacl testdir    # crash, getfacl_testdir_noredirect_crash.log
+ getfacl testdir > getfacl_testdir_redirect_nocrash.log
+ getfacl testdir/testfile    # crash, getfacl_testfile_noredirect_crash.log
+ getfacl testdir/testfile > getfacl_testfile_redirect_nocrash.log
  
  === ATTACHED LOGS ===
- getfacl_testdir_noredirect_crash.log    (copied from the terminal)
+ getfacl_testdir_noredirect_crash.log    (copied from terminal)
  getfacl_testdir_redirect_nocrash.log    (redirected to log file)
- getfacl_testfile_noredirect_crash.log    (copied from the terminal)
+ getfacl_testfile_noredirect_crash.log    (copied from terminal)
  getfacl_testfile_redirect_nocrash.log    (redirected to log file)
  
  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: acl 2.2.49-2
  ProcVersionSignature: Ubuntu 2.6.32-36.79-server 2.6.32.46+drm33.20
  Uname: Linux 2.6.32-36-server x86_64
  Architecture: amd64
  Date: Mon Dec  5 14:43:30 2011
  InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_DK.UTF-8
   SHELL=/bin/bash
  SourcePackage: acl

** Description changed:

  I have found a combination of ACLs that, when set on a file on an Active
  Directory joined (using Centrify Express) Ubuntu 10.04 server, will
  crash the getfacl program upon reading.
  
  The program crash seems to appear only when user and group names are in
  an "unusual" format, as when using AD integration tools such as
  CentrifyDC Express or Likewise-Open 6.
  
  Running the test on a separate, non-AD joined host, using regular local user and groups, does not yield errors.
  The error only seems to appear on certain combinations of user and group names.
  
  Examples of the "unusual" format I talk about:
  -  DOMAIN\\this_is_a_rather_long_name
  -  this_is_a_rather_long_name at domain.tld
  
  Quite interesting, the bug does not appear when the output of getfacl is
  piped to another program or redirected to a file.
  
  === HOW TO REPRODUCE ===
  Since the bug does not appear when using locally valid names, it may be required to install centrifydc express or likewise-open and set up an Active Directory environment for testing... or use something else that produces the "unusual" format in user/group names (perhaps LDAP can be used?).
  
+ This example uses Centrify DirectControl 4.4.3 Express for AD
+ integration.
+ 
  mkdir testdir
  touch testdir/testfile
  setfacl -Rd -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
  setfacl -Rn -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
  getfacl testdir    # crash, getfacl_testdir_noredirect_crash.log
  getfacl testdir > getfacl_testdir_redirect_nocrash.log
  getfacl testdir/testfile    # crash, getfacl_testfile_noredirect_crash.log
  getfacl testdir/testfile > getfacl_testfile_redirect_nocrash.log
  
  === ATTACHED LOGS ===
  getfacl_testdir_noredirect_crash.log    (copied from terminal)
  getfacl_testdir_redirect_nocrash.log    (redirected to log file)
  getfacl_testfile_noredirect_crash.log    (copied from terminal)
  getfacl_testfile_redirect_nocrash.log    (redirected to log file)
  
+ 
  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: acl 2.2.49-2
  ProcVersionSignature: Ubuntu 2.6.32-36.79-server 2.6.32.46+drm33.20
  Uname: Linux 2.6.32-36-server x86_64
  Architecture: amd64
  Date: Mon Dec  5 14:43:30 2011
  InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_DK.UTF-8
   SHELL=/bin/bash
  SourcePackage: acl

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to acl in Ubuntu.
https://bugs.launchpad.net/bugs/900304

Title:
  getfacl: malloc(): memory corruption

Status in “acl” package in Ubuntu:
  New

Bug description:
  I have found a combination of ACLs that, when set on a file on an
  Active Directory joined (using Centrify Express) Ubuntu 10.04 server,
  will crash the getfacl program upon reading.

  The program crash seems to appear only when user and group names are
  in an "unusual" format, as when using AD integration tools such as
  CentrifyDC Express or Likewise-Open 6.

  Running the test on a separate, non-AD joined host, using regular local user and groups, does not yield errors.
  The error only seems to appear on certain combinations of user and group names.

  Examples of the "unusual" format I talk about:
  -  DOMAIN\\this_is_a_rather_long_name
  -  this_is_a_rather_long_name at domain.tld

  Quite interesting, the bug does not appear when the output of getfacl
  is piped to another program or redirected to a file.

  === HOW TO REPRODUCE ===
  Since the bug does not appear when using locally valid names, it may be required to install centrifydc express or likewise-open and set up an Active Directory environment for testing... or use something else that produces the "unusual" format in user/group names (perhaps LDAP can be used?).

  This example uses Centrify DirectControl 4.4.3 Express for AD
  integration.

  mkdir testdir
  touch testdir/testfile
  setfacl -Rd -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
  setfacl -Rn -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
  getfacl testdir    # crash, getfacl_testdir_noredirect_crash.log
  getfacl testdir > getfacl_testdir_redirect_nocrash.log
  getfacl testdir/testfile    # crash, getfacl_testfile_noredirect_crash.log
  getfacl testdir/testfile > getfacl_testfile_redirect_nocrash.log

  === ATTACHED LOGS ===
  getfacl_testdir_noredirect_crash.log    (copied from terminal)
  getfacl_testdir_redirect_nocrash.log    (redirected to log file)
  getfacl_testfile_noredirect_crash.log    (copied from terminal)
  getfacl_testfile_redirect_nocrash.log    (redirected to log file)

  
  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: acl 2.2.49-2
  ProcVersionSignature: Ubuntu 2.6.32-36.79-server 2.6.32.46+drm33.20
  Uname: Linux 2.6.32-36-server x86_64
  Architecture: amd64
  Date: Mon Dec  5 14:43:30 2011
  InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_DK.UTF-8
   SHELL=/bin/bash
  SourcePackage: acl

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acl/+bug/900304/+subscriptions

More information about the foundations-bugs mailing list