From nobody@FreeBSD.org Sat Mar 27 22:13:45 2010 Return-Path: Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CFDF7106568B for ; Sat, 27 Mar 2010 22:13:45 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id BE2DE8FC17 for ; Sat, 27 Mar 2010 22:13:45 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o2RMDjH9080466 for ; Sat, 27 Mar 2010 22:13:45 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o2RMDjNB080465; Sat, 27 Mar 2010 22:13:45 GMT (envelope-from nobody) Message-Id: <201003272213.o2RMDjNB080465@www.freebsd.org> Date: Sat, 27 Mar 2010 22:13:45 GMT From: Dan van Pelt To: freebsd-gnats-submit@FreeBSD.org Subject: getfacl segfault on ZFS / NFSv4 acl enumeration X-Send-Pr-Version: www-3.1 X-GNATS-Notify: >Number: 145091 >Category: amd64 >Synopsis: getfacl segfault on ZFS / NFSv4 acl enumeration >Confidential: no >Severity: serious >Priority: high >Responsible: trasz >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Mar 27 22:20:08 UTC 2010 >Closed-Date: Tue Apr 13 06:01:36 UTC 2010 >Last-Modified: Tue Apr 13 06:10:02 UTC 2010 >Originator: Dan van Pelt >Release: 8 STABLE >Organization: >Environment: FreeBSD f80-2.chem.wwu.edu 8.0-STABLE FreeBSD 8.0-STABLE #0: Sat Mar 27 10:38:33 PDT 2010 dan@f80-2.chem.wwu.edu:/usr/obj/usr/src/sys/GENERIC amd64 >Description: This machine is running samba 3.4 / winbind and is joined to an active directory domain as a member server to act as a file server. The volume being served is a ZFS volume where we wish to use nfs4 acls where the subjects are domain objects (groups, etc). If a nfs4 acl is applied to a directory on the zfs volume that contains a group in AD, attempts to enumerate the acl with getfacl fail with a segfault. >How-To-Repeat: f80-2# mount /dev/ad4s1a on / (ufs, local) devfs on /dev (devfs, local, multilabel) /dev/ad4s1d on /tmp (ufs, local, soft-updates) /dev/ad4s1f on /usr (ufs, local, soft-updates) /dev/ad4s1e on /var (ufs, local, soft-updates) data on /data (zfs, local) f80-2# getfacl /data/dan # file: /data/dan # owner: root # group: wheel owner@:--------------:------:deny owner@:rwxp---A-W-Co-:------:allow group@:-w-p----------:------:deny group@:r-x-----------:------:allow everyone@:-w-p---A-W-Co-:------:deny everyone@:r-x---a-R-c--s:------:allow f80-2# setfacl -m group:grp.my.ad.group:rwx:allow /data/dan f80-2# getfacl /data/dan # file: /data/dan # owner: root # group: wheel Segmentation fault (core dumped) f80-2# gdb /bin/getfacl GNU gdb 6.1.1 [FreeBSD] Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-marcel-freebsd"... (gdb) run /data/dan Starting program: /bin/getfacl /data/dan # file: /data/dan # owner: root # group: wheel Program received signal SIGSEGV, Segmentation fault. memset () at /usr/src/lib/libc/amd64/string/memset.S:56 56 L1: rep Current language: auto; currently asm (gdb) bt #0 memset () at /usr/src/lib/libc/amd64/string/memset.S:56 #1 0x00000008006b00f4 in _nfs4_acl_to_text_np (aclp=0x800a3a000, len_p=0x0, flags=Variable "flags" is not available. ) at /usr/src/lib/libc/posix1e/acl_to_text_nfs4.c:193 #2 0x0000000800682b25 in acl_to_text_np (acl=0x800a3a000, len_p=0x0, flags=0) at /usr/src/lib/libc/posix1e/acl_to_text.c:250 #3 0x000000000040107a in print_acl (path=0x7fffffffedbd "/data/dan", type=4, hflag=Variable "hflag" is not available. ) at /usr/src/bin/getfacl/getfacl.c:248 #4 0x0000000000401885 in main (argc=1, argv=Variable "argv" is not available. ) at /usr/src/bin/getfacl/getfacl.c:334 (gdb) quit The program is running. Exit anyway? (y or n) y f80-2# >Fix: >Release-Note: >Audit-Trail: Responsible-Changed-From-To: freebsd-amd64->trasz Responsible-Changed-By: trasz Responsible-Changed-When: Sun Mar 28 15:23:30 UTC 2010 Responsible-Changed-Why: I'll take it. http://www.freebsd.org/cgi/query-pr.cgi?pr=145091 From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: amd64/145091: commit references a PR Date: Sun, 28 Mar 2010 17:29:27 +0000 (UTC) Author: trasz Date: Sun Mar 28 17:29:15 2010 New Revision: 205796 URL: http://svn.freebsd.org/changeset/base/205796 Log: Make acl_to_text_np(3) not crash on long group or user names in NFSv4 ACLs. PR: amd64/145091 MFC after: 2 weeks Modified: head/lib/libc/posix1e/acl_to_text_nfs4.c Modified: head/lib/libc/posix1e/acl_to_text_nfs4.c ============================================================================== --- head/lib/libc/posix1e/acl_to_text_nfs4.c Sun Mar 28 17:17:32 2010 (r205795) +++ head/lib/libc/posix1e/acl_to_text_nfs4.c Sun Mar 28 17:29:15 2010 (r205796) @@ -167,7 +167,7 @@ format_additional_id(char *str, size_t s static int format_entry(char *str, size_t size, const acl_entry_t entry, int flags) { - size_t off = 0, padding_length, maximum_who_field_length = 18; + size_t off = 0, min_who_field_length = 18; acl_permset_t permset; acl_flagset_t flagset; int error, len; @@ -188,12 +188,9 @@ format_entry(char *str, size_t size, con if (error) return (error); len = strlen(buf); - padding_length = maximum_who_field_length - len; - if (padding_length > 0) { - memset(str, ' ', padding_length); - off += padding_length; - } - off += snprintf(str + off, size - off, "%s:", buf); + if (len < min_who_field_length) + len = min_who_field_length; + off += snprintf(str + off, size - off, "%*s:", len, buf); error = _nfs4_format_access_mask(buf, sizeof(buf), *permset, flags & ACL_TEXT_VERBOSE); _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" State-Changed-From-To: open->patched State-Changed-By: trasz State-Changed-When: Sun Mar 28 19:13:03 UTC 2010 State-Changed-Why: Fixed in HEAD. http://www.freebsd.org/cgi/query-pr.cgi?pr=145091 State-Changed-From-To: patched->closed State-Changed-By: trasz State-Changed-When: Tue Apr 13 06:01:36 UTC 2010 State-Changed-Why: Committed. Thanks! http://www.freebsd.org/cgi/query-pr.cgi?pr=145091 From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: amd64/145091: commit references a PR Date: Tue, 13 Apr 2010 06:01:44 +0000 (UTC) Author: trasz Date: Tue Apr 13 06:01:24 2010 New Revision: 206542 URL: http://svn.freebsd.org/changeset/base/206542 Log: MFC r205796: Make acl_to_text_np(3) not crash on long group or user names in NFSv4 ACLs. PR: amd64/145091 Modified: stable/8/lib/libc/posix1e/acl_to_text_nfs4.c Directory Properties: stable/8/lib/libc/ (props changed) stable/8/lib/libc/stdtime/ (props changed) Modified: stable/8/lib/libc/posix1e/acl_to_text_nfs4.c ============================================================================== --- stable/8/lib/libc/posix1e/acl_to_text_nfs4.c Tue Apr 13 03:10:38 2010 (r206541) +++ stable/8/lib/libc/posix1e/acl_to_text_nfs4.c Tue Apr 13 06:01:24 2010 (r206542) @@ -167,7 +167,7 @@ format_additional_id(char *str, size_t s static int format_entry(char *str, size_t size, const acl_entry_t entry, int flags) { - size_t off = 0, padding_length, maximum_who_field_length = 18; + size_t off = 0, min_who_field_length = 18; acl_permset_t permset; acl_flagset_t flagset; int error, len; @@ -188,12 +188,9 @@ format_entry(char *str, size_t size, con if (error) return (error); len = strlen(buf); - padding_length = maximum_who_field_length - len; - if (padding_length > 0) { - memset(str, ' ', padding_length); - off += padding_length; - } - off += snprintf(str + off, size - off, "%s:", buf); + if (len < min_who_field_length) + len = min_who_field_length; + off += snprintf(str + off, size - off, "%*s:", len, buf); error = _nfs4_format_access_mask(buf, sizeof(buf), *permset, flags & ACL_TEXT_VERBOSE); _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" >Unformatted: