Bug 690226

Summary: nfs4_setfacl coredumps on malformed acls
Product: Red Hat Enterprise Linux 5
Component: nfs4-acl-tools
Version: 5.6
Hardware: i686
OS: Linux
Status: CLOSED WONTFIX
Severity: medium
Priority: unspecified
Target Milestone: rc
Reporter: Aleksey Nogin <aleksey>
Assignee: Steve Dickson <steved>
QA Contact: Filesystem QE <fs-qe>
CC: aleksey
Doc Type: Bug Fix
Last Closed: 2014-06-02 13:00:30 UTC

Description Aleksey Nogin 2011-03-23 16:16:38 UTC
Description of problem:

If one gives nfs4_setfacl a malformed ACL (e.g. in setfacl format instead of the nfs4 format), nfs4_setfacl coredumps instead of giving an error message.


Version-Release number of selected component (if applicable):

nfs4-acl-tools-0.3.3-1.el5
libattr-2.4.32-1.1


How reproducible:

With a particular malformed acl (below) - 100%


Steps to Reproduce:
1. Run "nfs4_setfacl -a user:anogin:rw test"
  

Actual results:

% nfs4_setfacl -a user:anogin:rw test
*** glibc detected *** nfs4_setfacl: free(): invalid pointer: 0x00e720cc ***
======= Backtrace: =========
/lib/libc.so.6[0xe696c5]
/lib/libc.so.6(cfree+0x59)[0xe69b09]
nfs4_setfacl[0xf82a52]
nfs4_setfacl[0xf82b8a]
nfs4_setfacl[0xf82db4]
nfs4_setfacl[0xf81a47]
nfs4_setfacl[0xf80295]
nfs4_setfacl(main+0x626)[0xf80f46]
/lib/libc.so.6(__libc_start_main+0xdc)[0xe15e9c]
nfs4_setfacl[0xf7fec1]
======= Memory map: ========
00110000-0011b000 r-xp 00000000 08:11 902024     /lib/libgcc_s-4.1.2-20080825.so.1
0011b000-0011c000 rwxp 0000a000 08:11 902024     /lib/libgcc_s-4.1.2-20080825.so.1
00887000-008a2000 r-xp 00000000 08:11 901824     /lib/ld-2.5.so
008a2000-008a3000 r-xp 0001a000 08:11 901824     /lib/ld-2.5.so
008a3000-008a4000 rwxp 0001b000 08:11 901824     /lib/ld-2.5.so
00d64000-00d65000 r-xp 00d64000 00:00 0          [vdso]
00e00000-00f53000 r-xp 00000000 08:11 901862     /lib/libc-2.5.so
00f53000-00f55000 r-xp 00153000 08:11 901862     /lib/libc-2.5.so
00f55000-00f56000 rwxp 00155000 08:11 901862     /lib/libc-2.5.so
00f56000-00f59000 rwxp 00f56000 00:00 0
00f7f000-00f85000 r-xp 00000000 08:11 697935     /usr/bin/nfs4_setfacl
00f85000-00f86000 rwxp 00006000 08:11 697935     /usr/bin/nfs4_setfacl
00fd6000-00fda000 r-xp 00000000 08:11 902025     /lib/libattr.so.1.1.0
00fda000-00fdb000 rwxp 00003000 08:11 902025     /lib/libattr.so.1.1.0
083ac000-083cd000 rw-p 083ac000 00:00 0          [heap]
b7f49000-b7f4b000 rw-p b7f49000 00:00 0
bffc1000-bffd6000 rw-p bffe9000 00:00 0          [stack]
Abort (core dumped)
Exit 134

(about half of the time just dumps core without a glibc backtrace)


Expected results:

Some sort of error message


Additional info:

RHEL 5.6 with all updates. The NFSv4 server is also RHEL 5.6
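
Added example (not part of the original report and not nfs4-acl-tools code): one way to validate an ACE spec so that a setfacl-style string such as the one in this report produces an error message and never leaves a pointer that is unsafe to free. The struct, function names, error strings and the principal in the test are hypothetical; the four-field `type:flags:principal:permissions` layout and the character sets are assumed from nfs4_acl(5).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder: buf is the only owned pointer (NULL or from malloc);
 * flags, who and perms point into buf and are never freed on their own. */
struct ace_spec { char *buf; char type; const char *flags, *who, *perms; };

/* Safe on a zeroed, failed or already freed struct: free(NULL) is a no-op. */
void ace_spec_free(struct ace_spec *a) {
    free(a->buf);
    memset(a, 0, sizeof(*a));
}

/* Parse "type:flags:principal:permissions". Returns NULL on success or a
 * static error string; on error nothing stays allocated. */
const char *ace_spec_parse(const char *spec, struct ace_spec *out) {
    char *f[4], *p;
    const char *err = NULL;
    int n = 0;
    memset(out, 0, sizeof(*out));
    if (!spec || !(out->buf = malloc(strlen(spec) + 1)))
        return "no spec or out of memory";
    strcpy(out->buf, spec);
    /* Split by hand so an empty flags field ("A::who:r") keeps its slot. */
    f[n++] = out->buf;
    for (p = out->buf; *p && n <= 4; p++)
        if (*p == ':') { *p = '\0'; if (n < 4) f[n] = p + 1; n++; }
    /* Character sets below are assumed from nfs4_acl(5). */
    if (n != 4) err = "expected type:flags:principal:permissions";
    else if (strlen(f[0]) != 1 || !strchr("ADUL", f[0][0])) err = "bad ACE type";
    else if (f[1][strspn(f[1], "gdfniSF")]) err = "unknown flag";
    else if (!*f[2]) err = "empty principal";
    else if (!*f[3] || f[3][strspn(f[3], "rwaxdDtTnNcCoyRWX")]) err = "unknown permission";
    if (err) { ace_spec_free(out); return err; }
    out->type = f[0][0]; out->flags = f[1]; out->who = f[2]; out->perms = f[3];
    return NULL;
}

int main(int argc, char **argv) {
    struct ace_spec a;
    /* Default input is the malformed spec from the report. */
    const char *err = ace_spec_parse(argc > 1 ? argv[1] : "user:anogin:rw", &a);
    if (err) { fprintf(stderr, "invalid ACE: %s\n", err); return 1; }
    printf("type=%c who=%s perms=%s\n", a.type, a.who, a.perms);
    ace_spec_free(&a);
    return 0;
}
```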

Comment 4 RHEL Program Management 2014-03-07 13:31:49 UTC
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.

Comment 5 RHEL Program Management 2014-06-02 13:00:30 UTC
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).