[Bug 900304] Re: getfacl: malloc(): memory corruption
Helge
900304 at bugs.launchpad.net
Mon Dec 5 15:43:41 UTC 2011
MAJOR CLUE:
The crash only happens on files where the effective permissions are limited by the mask.
Using the option --no-effective, getfacl no longer crashes.
Oh, and using a shorter user/group names (still containing "unusual"
characters) does not result in a crash.
So...
It seems that the conditions for triggering this bug is:
- getfacl is outputting to an interactive terminal (no pipes or redirects)
- long user or group names are present in the ACL
- the "#effective:..." string is to be outputted along with a long user/group entry
This has been testing on two separate systems using different solutions
for Active Directory integration.
** Summary changed:
- getfacl: malloc(): memory corruption
+ Effective permissions and long names - getfacl: malloc(): memory corruption
** Summary changed:
- Effective permissions and long names - getfacl: malloc(): memory corruption
+ Effective permissions and long group names - getfacl: malloc(): memory corruption
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to acl in Ubuntu.
https://bugs.launchpad.net/bugs/900304
Title:
Effective permissions and long group names - getfacl: malloc(): memory
corruption
Status in “acl” package in Ubuntu:
New
Bug description:
I have found a combination of ACLs that, when set on a file on an
Active Directory joined (using Centrify Express) Ubuntu 10.04 server,
will crash the getfacl program upon reading.
The program crash seems to appear only when user and group names are
in an "unusual" format, as when using AD integration tools such as
CentrifyDC Express or Likewise-Open 6.
Running the test on a separate, non-AD joined host, using regular local user and groups, does not yield errors.
The error only seems to appear on certain combinations of user and group names.
Examples of the "unusual" format I talk about:
- DOMAIN\\this_is_a_rather_long_name
- this_is_a_rather_long_name at domain.tld
Quite interesting, the bug does not appear when the output of getfacl
is piped to another program or redirected to a file.
=== HOW TO REPRODUCE ===
Since the bug does not appear when using locally valid names, it may be required to install centrifydc express or likewise-open and set up an Active Directory environment for testing... or use something else that produces the "unusual" format in user/group names (perhaps LDAP can be used?).
This example uses Centrify DirectControl 4.4.3 Express for AD
integration.
mkdir testdir
touch testdir/testfile
setfacl -Rd -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
setfacl -Rn -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
getfacl testdir # crash, getfacl_testdir_noredirect_crash.log
getfacl testdir > getfacl_testdir_redirect_nocrash.log
getfacl testdir/testfile # crash, getfacl_testfile_noredirect_crash.log
getfacl testdir/testfile > getfacl_testfile_redirect_nocrash.log
=== ATTACHED LOGS ===
getfacl_testdir_noredirect_crash.log (copied from terminal)
getfacl_testdir_redirect_nocrash.log (redirected to log file)
getfacl_testfile_noredirect_crash.log (copied from terminal)
getfacl_testfile_redirect_nocrash.log (redirected to log file)
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: acl 2.2.49-2
ProcVersionSignature: Ubuntu 2.6.32-36.79-server 2.6.32.46+drm33.20
Uname: Linux 2.6.32-36-server x86_64
Architecture: amd64
Date: Mon Dec 5 14:43:30 2011
InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
ProcEnviron:
PATH=(custom, no user)
LANG=en_DK.UTF-8
SHELL=/bin/bash
SourcePackage: acl
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acl/+bug/900304/+subscriptions
More information about the foundations-bugs
mailing list