samba-bugs at samba.org
2010-Jun-02 21:11 UTC
DO NOT REPLY [Bug 7489] New: rsyncd segfaults using daemon exclude filter
https://bugzilla.samba.org/show_bug.cgi?id=7489

           Summary: rsyncd segfaults using daemon exclude filter
           Product: rsync
           Version: 3.0.6
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P3
         Component: core
        AssignedTo: wayned at samba.org
        ReportedBy: michael.roberts at hp.com
         QAContact: rsync-qa at samba.org

Using target side filters in rsyncd.conf works well for files that are only manipulated on the target. However, if files from the source system match a filter on the target you can generate a core and rsync will stop responding on that system.

In /var/log/messages you will see:

May 28 19:47:06 v-lab-30-244-127 rsyncd[9157]: receiving file list
May 28 19:47:06 v-lab-30-244-127 rsyncd[9157]: skipping daemon-excluded directory ".snap1"
May 28 19:47:06 v-lab-30-244-127 rsyncd[9157]: *** Skipping any contents from this failed directory ***
May 28 13:47:06 v-lab-30-244-127 kernel: rsyncd[9157]: segfault at fffffffffffffff9 rip 0000003ba1a758bb rsp 00007fff5b1c7750 error 4

In this case '.snap1' directory was created, and a file created in that directory. The target has a filter: .fs_*/*** .snap*/*** which matches, and the daemon dumps core.

The problem appears in versions 3.0.6, 3.0.7 & HEAD, it is in generator.c. There is an error path that takes a 'goto' that skips the initialization of sx struct, then the cleanup tries to free random memory with a call to free_acl(&sx).

In acls.c the free is

void free_acl(stat_x *sxp)
{
        if (sxp->acc_acl) {
                rsync_acl_free(sxp->acc_acl);
                free(sxp->acc_acl);   <<<<<<< uninitialized

In version 3.0.6 the 'bad' goto is at line 1315:

rprintf(FERROR_XFER, "skipping daemon-excluded %s \"%s\"\n", is_dir ? 
"directory" : "file", fname); if (is_dir) goto skipping_dir_contents; <<<<<<<<<<<<<<<<< bad goto The fix is to move the initialization earlier in the code: # diff -c generator.c.orig generator.c *** generator.c.orig 2009-04-26 08:51:50.000000000 -0600 --- generator.c 2010-06-02 15:04:36.000000000 -0600 *************** *** 1300,1305 **** --- 1300,1311 ---- skip_dir = NULL; } + #ifdef SUPPORT_ACLS + sx.acc_acl = sx.def_acl = NULL; + #endif + #ifdef SUPPORT_XATTRS + sx.xattr = NULL; + #endif if (daemon_filter_list.head && (*fname != '.' || fname[1])) { if (check_filter(&daemon_filter_list, FLOG, fname, is_dir) < 0) { if (is_dir < 0) *************** *** 1317,1328 **** } } - #ifdef SUPPORT_ACLS - sx.acc_acl = sx.def_acl = NULL; - #endif - #ifdef SUPPORT_XATTRS - sx.xattr = NULL; - #endif if (dry_run > 1 || (dry_missing_dir && is_below(file, dry_missing_dir))) { parent_is_dry_missing: if (fuzzy_dirlist) { --- 1323,1328 ---- -- Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact.
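Review bot: In the first hunk (around line 1300) the sx.acc_acl, sx.def_acl and sx.xattr resets are correct only because they now sit above the daemon-filter block that contains `goto skipping_dir_contents`, and nothing in the code records that ordering requirement. Add a short comment above the `#ifdef SUPPORT_ACLS` block saying these fields must be cleared before any jump to the cleanup that calls free_acl(&sx), or clear them at the point where sx is declared, so that a later early-exit path added above this spot cannot bring back the uninitialized free.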
samba-bugs at samba.org
2010-Jun-05 06:12 UTC
DO NOT REPLY [Bug 7489] rsyncd segfaults using daemon exclude filter
https://bugzilla.samba.org/show_bug.cgi?id=7489

wayned at samba.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

------- Comment #1 from wayned at samba.org 2010-06-05 01:12 CST -------
Thanks for the bug report and the fix! This is now committed in the git repository (on both master and b3.0.x branches).
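The ordering bug described in the report, modelled in a small C program (an added example, not rsync code). struct sx_demo, the stale marker and process_entry() are hypothetical stand-ins; stale pointers are counted instead of being passed to free() so the program stays well defined.

```c
#include <stdlib.h>

/* Hypothetical stand-in for the pointer fields of rsync's sx struct. */
struct sx_demo { void *acc_acl, *def_acl, *xattr; };

static char stale;  /* constructed marker for leftover stack contents */

/* Model a stack slot that still holds garbage from an earlier call. */
static void poison(struct sx_demo *sx) {
    sx->acc_acl = sx->def_acl = sx->xattr = &stale;
}

/* Shared cleanup. Returns how many stale pointers would have reached free();
 * real heap pointers are released, stale ones are only counted. */
static int cleanup(struct sx_demo *sx) {
    void **f[] = { &sx->acc_acl, &sx->def_acl, &sx->xattr };
    int bad = 0;
    for (int i = 0; i < 3; i++) {
        if (*f[i] == (void *)&stale) bad++;
        else free(*f[i]);             /* free(NULL) is a no-op */
        *f[i] = NULL;
    }
    return bad;
}

/* init_first = 0 reproduces the ordering in the report: the exclude check
 * jumps to cleanup before the fields are cleared. init_first = 1 is the
 * ordering after the fix. */
static int process_entry(int excluded, int init_first) {
    struct sx_demo sx;
    poison(&sx);
    if (init_first)
        sx.acc_acl = sx.def_acl = sx.xattr = NULL;
    if (excluded)
        goto skipping;                /* early error path */
    if (!init_first)
        sx.acc_acl = sx.def_acl = sx.xattr = NULL;
    sx.acc_acl = malloc(16);          /* normal path allocates, cleanup frees */
skipping:
    return cleanup(&sx);
}

int main(void) {
    /* Excluded entry: 3 stale pointers with the old order, 0 after the fix. */
    return process_entry(1, 0) == 3 && process_entry(1, 1) == 0 ? 0 : 1;
}
```

Only the excluded path differs between the two orderings, which matches the report: the daemon misbehaved only when a source entry matched the daemon filter.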