Heikki Vatiainen
2001-Dec-03 00:14 UTC
Bug in rsyncd 2.5.0 while handling config file string values
I compiled and tried rsync 2.5.0 but could not get the server running.
loadparm.c:string_set() now calls free() which it did not do in 2.4.6 and
this free() tries to free memory that was not allocated with malloc.

Here is a gdb run (done after adding return before fork() in become_daemon)
which shows where it crashes and what my minimal config file for
demonstrating the bug was. The config file only had one line which was:

uid = foobar

/usr/local/src/rsync/rsync-2.5.0:>gdb ./rsync
GNU gdb 5.0.90-cvs (MI_OUT)
(gdb) r --daemon --config=../rsyncd.conf
Starting program: /usr/local/src/rsync/rsync-2.5.0/./rsync --daemon --config=../rsyncd.conf

Program received signal SIGSEGV, Segmentation fault.
0x4009cb2d in free () from /lib/libc.so.6
(gdb) bt
#0  0x4009cb2d in free () from /lib/libc.so.6
#1  0x08061286 in string_set (s=0x807ace4, v=0x808b374 "foobar") at loadparm.c:400
#2  0x08061a20 in lp_do_parameter (snum=-2, parmname=0x808b370 "uid", parmvalue=0x808b374 "foobar") at loadparm.c:647
#3  0x08061b8b in do_parameter (parmname=0x808b370 "uid", parmvalue=0x808b374 "foobar") at loadparm.c:678
#4  0x0806057b in Parameter (InFile=0x808b200, pfunc=0x8061b58 <do_parameter>, c=0) at params.c:405
#5  0x080606a4 in Parse (InFile=0x808b200, sfunc=0, pfunc=0x8061b58 <do_parameter>) at params.c:461
#6  0x08060848 in pm_process (FileName=0xbffff80c "../rsyncd.conf", sfunc=0, pfunc=0x8061b58 <do_parameter>) at params.c:540
#7  0x08061cc7 in lp_load (pszFname=0x808b1c0 "../rsyncd.conf", globals_only=1) at loadparm.c:747
#8  0x08063095 in daemon_main () at clientserver.c:506
#9  0x0805225a in main (argc=0, argv=0x0) at main.c:817
#10 0x400476ef in __libc_start_main () from /lib/libc.so.6
(gdb) select 1
(gdb) p s
$1 = (char **) 0x807ace4
(gdb) p *s
$2 = 0x807680c "nobody"
(gdb) p sDefault
$3 = {name = 0x0, path = 0x0, comment = 0x0, lock_file = 0x8076813 "/var/run/rsyncd.lock",
  read_only = 1, list = 1, use_chroot = 1, transfer_logging = 0, ignore_errors = 0,
  uid = 0x807680c "nobody", gid = 0x807680c "nobody", hosts_allow = 0x0, hosts_deny = 0x0,
  auth_users = 0x0, secrets_file = 0x0, strict_modes = 1, exclude = 0x0, exclude_from = 0x0,
  include = 0x0, include_from = 0x0, log_format = 0x80767f3 "%o %h [%a] %m (%u) %f %l",
  refuse_options = 0x0, dont_compress = 0x80767c0 "*.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz",
  timeout = 0, max_connections = 0, ignore_nonreadable = 0}
(gdb) shell cat ../rsyncd.conf
uid = foobar
(gdb)

--
Heikki Vatiainen * hessu@cs.tut.fi
Tampere University of Technology * Tampere, Finland
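The ownership mistake in the report above (a setter that free()s a default which was never malloc()ed, so the pointer in the backtrace refers to static data such as "nobody") is easy to reproduce in isolation and has two standard fixes. The following is an added C example, not rsync's code and not the 2.5.1 change; the struct and field names, the two fix strategies and the demo functions are this example's own assumptions, modelled loosely on the sDefault dump.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for rsync's per-module defaults (sDefault in the dump above).
 * Three fields only; names are this example's own, not rsync's. */
struct service {
    char *uid;
    char *gid;
    char *lock_file;
};

/* Defaults live in static storage, not the heap (in rsync 2.5.0 they are
 * string literals). Handing such a pointer to free() is undefined
 * behaviour; the SIGSEGV inside free() in the backtrace is exactly that. */
static char DEFAULT_UID[]  = "nobody";
static char DEFAULT_LOCK[] = "/var/run/rsyncd.lock";

/* The setter shape that crashed: free the old value unconditionally.
 * Correct only when *s is NULL or heap-allocated; never call it on a
 * field that still points at a static default. */
static int string_set_unconditional(char **s, const char *v)
{
    char *copy = strdup(v);
    if (!copy)
        return 0;
    free(*s);
    *s = copy;
    return 1;
}

/* Fix A (an assumed approach, not necessarily rsync's): make ownership
 * uniform by heap-allocating every default up front, so the unconditional
 * free() above is always legal. */
static int service_init_heap(struct service *sv)
{
    sv->uid       = strdup(DEFAULT_UID);
    sv->gid       = strdup(DEFAULT_UID);
    sv->lock_file = strdup(DEFAULT_LOCK);
    return sv->uid && sv->gid && sv->lock_file;
}

/* Fix B: keep static defaults but free only what this code allocated.
 * A field still pointing at its default is borrowed; anything else came
 * from strdup() here. free(NULL) is a no-op, so unset fields are fine. */
static int string_set_checked(char **s, const char *v, const char *dflt)
{
    char *copy = strdup(v);
    if (!copy)
        return 0;
    if (*s != dflt)
        free(*s);
    *s = copy;
    return 1;
}

static void service_free_checked(struct service *sv)
{
    if (sv->uid != DEFAULT_UID)        free(sv->uid);
    if (sv->gid != DEFAULT_UID)        free(sv->gid);
    if (sv->lock_file != DEFAULT_LOCK) free(sv->lock_file);
}

/* Reporter's "uid = foobar" over static defaults, via Fix B: uid is
 * replaced without its default ever reaching free(), a second set frees
 * only our own copy, and gid stays borrowed. Returns 1 when that holds. */
static int demo_static_defaults(void)
{
    struct service sv = { DEFAULT_UID, DEFAULT_UID, DEFAULT_LOCK };
    int ok = string_set_checked(&sv.uid, "foobar", DEFAULT_UID)
          && strcmp(sv.uid, "foobar") == 0
          && sv.gid == DEFAULT_UID
          && string_set_checked(&sv.uid, "bar", DEFAULT_UID)
          && strcmp(sv.uid, "bar") == 0;
    service_free_checked(&sv);
    return ok;
}

/* Same scenario via Fix A: the unconditional setter is safe because
 * every field it frees was malloc()ed. Returns 1 on success. */
static int demo_heap_defaults(void)
{
    struct service sv;
    if (!service_init_heap(&sv))
        return 0;
    int ok = string_set_unconditional(&sv.uid, "foobar")
          && string_set_unconditional(&sv.uid, "bar")
          && strcmp(sv.uid, "bar") == 0
          && strcmp(sv.gid, "nobody") == 0;
    free(sv.uid); free(sv.gid); free(sv.lock_file);
    return ok;
}

int main(void)
{
    printf("Fix B, static defaults: %s\n", demo_static_defaults() ? "ok" : "FAIL");
    printf("Fix A, heap defaults:   %s\n", demo_heap_defaults() ? "ok" : "FAIL");
    return 0;
}
```

Fix A is the simpler invariant to audit (every string field is always heap-owned, so any free() is legal), at the cost of a few allocations at startup; Fix B keeps the zero-allocation defaults but requires every setter and the teardown path to know the default pointer, which is the kind of coupling that silently breaks when a new field is added. Under either fix, running the daemon once under a malloc checker (glibc's MALLOC_CHECK_, or valgrind) with a one-line config like the reporter's is a cheap regression test for this class of bug.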
Martin Pool
2001-Dec-03 00:48 UTC
Bug in rsyncd 2.5.0 while handling config file string values
On 2 Dec 2001, Heikki Vatiainen <hessu@cs.tut.fi> wrote:

> I compiled and tried rsync 2.5.0 but could not get the server
> running. loadparm.c:string_set() now calls free() which it did not do
> in 2.4.6 and this free() tries to free memory that was not allocated
> with malloc.

Thank you for the report. This should be fixed in 2.5.1pre1, which is
available from the usual site.

--
Martin
tim.conway@philips.com
2001-Dec-04 03:45 UTC
Bug in rsyncd 2.5.0 while handling config file string values
Well, that's a bug, I'd reckon, but I want to point out that a config file
with only one line is invalid. You need to have at least a module and its
path defined. I wouldn't expect daemon mode to gracefully handle an invalid
config, though simply declaring that the file is invalid and exiting would
be nice.

Tim Conway
tim.conway@philips.com
303.682.4917
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(nnnnnnnnnnnn, 19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), ".\n" '
"There are some who call me.... Tim?"

Heikki Vatiainen <hessu@cs.tut.fi>
Sent by: rsync-admin@lists.samba.org
12/02/2001 06:14 AM
To: rsync@lists.samba.org
cc: (bcc: Tim Conway/LMT/SC/PHILIPS)
Subject: Bug in rsyncd 2.5.0 while handling config file string values
Classification: