[Bug 900304] Re: Effective permissions and long group names - getfacl: malloc(): memory corruption

dino99 900304 at bugs.launchpad.net
Sat Aug 1 12:33:40 UTC 2015 

This version has expired

** Changed in: acl (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to acl in Ubuntu.
https://bugs.launchpad.net/bugs/900304

Title:
  Effective permissions and long group names - getfacl: malloc(): memory
  corruption

Status in acl package in Ubuntu:
  Invalid

Bug description:
  I have found a combination of ACLs that, when set on a file on an
  Active Directory joined Ubuntu 10.04 server, will crash the getfacl
  program upon reading the ACL entries.

  The crash appears under the following conditions:
  1) getfacl is about to list effective permissions (i.e. limited by mask) for at least two ACL entries.
  2) At least one of these entries has a user/group name longer than 32 characters.
  3) The output of getfacl is not redirected nor piped to another program/file.

  Normally, user/group names longer than 32 characters are prevented
  from being created on the local system, but they are possible when
  using central authentication tools such as Centrify DirectControl and
  Likewise Open.

  The crash happens when effective permissions are to be listed, and only when the output of getfacl is written directly to terminal.
  Running the test on a separate, non-AD joined host, using regular local users and groups of maximum 32 characters, does not yield any errors.

  I have tested and confirmed this bug on two independent systems, both
  running Ubuntu 10.04 Server, with one using CentrifyDC Express 4.4.3
  for AD integration and the other one using Likewise-Open 6.

  === HOW TO REPRODUCE ===
  Since the bug does not appear when using locally valid names, it may be required to install centrifydc, likewise-open or another tool in order to create a test environment with user/group names longer than 32 characters. Perhaps LDAP can be used too?

  This example uses Centrify DirectControl 4.4.3 Express for AD
  integration.

  mkdir testdir
  touch testdir/testfile
  setfacl -Rd -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
  setfacl -Rn -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
  getfacl testdir    # crash, getfacl_testdir_noredirect_crash.log
  getfacl testdir > getfacl_testdir_redirect_nocrash.log
  getfacl testdir/testfile    # crash, getfacl_testfile_noredirect_crash.log
  getfacl testdir/testfile > getfacl_testfile_redirect_nocrash.log

  === ATTACHED LOGS ===
  getfacl_testdir_noredirect_crash.log    (copied from terminal)
  getfacl_testdir_redirect_nocrash.log    (redirected to log file)
  getfacl_testfile_noredirect_crash.log    (copied from terminal)
  getfacl_testfile_redirect_nocrash.log    (redirected to log file)

  
  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: acl 2.2.49-2
  ProcVersionSignature: Ubuntu 2.6.32-36.79-server 2.6.32.46+drm33.20
  Uname: Linux 2.6.32-36-server x86_64
  Architecture: amd64
  Date: Mon Dec  5 14:43:30 2011
  InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
  ProcEnviron:
   PATH=(custom, no user)
   LANG=en_DK.UTF-8
   SHELL=/bin/bash
  SourcePackage: acl

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/acl/+bug/900304/+subscriptions

More information about the foundations-bugs mailing list