Bug 690226 - nfs4_setfacl coredumps on malformed acls
Summary: nfs4_setfacl coredumps on malformed acls
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nfs4-acl-tools
Version: 5.6
Hardware: i686
OS: Linux
unspecified
medium
Target Milestone: rc
Assignee: Steve Dickson
QA Contact: Filesystem QE
Reported: 2011-03-23 16:16 UTC by Aleksey Nogin
Modified: 2015-02-21 00:11 UTC

Doc Type: Bug Fix
Last Closed: 2014-06-02 13:00:30 UTC

Description Aleksey Nogin 2011-03-23 16:16:38 UTC
Description of problem:

If one gives nfs4_setfacl a malformed ACL (e.g. in setfacl format instead of the nfs4 format), nfs4_setfacl coredumps instead of giving an error message.


Version-Release number of selected component (if applicable):

nfs4-acl-tools-0.3.3-1.el5
libattr-2.4.32-1.1


How reproducible:

With a particular malformed acl (below) - 100%


Steps to Reproduce:
1. Run "nfs4_setfacl -a user:anogin:rw test"
  

Actual results:

% nfs4_setfacl -a user:anogin:rw test
*** glibc detected *** nfs4_setfacl: free(): invalid pointer: 0x00e720cc ***
======= Backtrace: =========
/lib/libc.so.6[0xe696c5]
/lib/libc.so.6(cfree+0x59)[0xe69b09]
nfs4_setfacl[0xf82a52]
nfs4_setfacl[0xf82b8a]
nfs4_setfacl[0xf82db4]
nfs4_setfacl[0xf81a47]
nfs4_setfacl[0xf80295]
nfs4_setfacl(main+0x626)[0xf80f46]
/lib/libc.so.6(__libc_start_main+0xdc)[0xe15e9c]
nfs4_setfacl[0xf7fec1]
======= Memory map: ========
00110000-0011b000 r-xp 00000000 08:11 902024     /lib/libgcc_s-4.1.2-20080825.so.1
0011b000-0011c000 rwxp 0000a000 08:11 902024     /lib/libgcc_s-4.1.2-20080825.so.1
00887000-008a2000 r-xp 00000000 08:11 901824     /lib/ld-2.5.so
008a2000-008a3000 r-xp 0001a000 08:11 901824     /lib/ld-2.5.so
008a3000-008a4000 rwxp 0001b000 08:11 901824     /lib/ld-2.5.so
00d64000-00d65000 r-xp 00d64000 00:00 0          [vdso]
00e00000-00f53000 r-xp 00000000 08:11 901862     /lib/libc-2.5.so
00f53000-00f55000 r-xp 00153000 08:11 901862     /lib/libc-2.5.so
00f55000-00f56000 rwxp 00155000 08:11 901862     /lib/libc-2.5.so
00f56000-00f59000 rwxp 00f56000 00:00 0
00f7f000-00f85000 r-xp 00000000 08:11 697935     /usr/bin/nfs4_setfacl
00f85000-00f86000 rwxp 00006000 08:11 697935     /usr/bin/nfs4_setfacl
00fd6000-00fda000 r-xp 00000000 08:11 902025     /lib/libattr.so.1.1.0
00fda000-00fdb000 rwxp 00003000 08:11 902025     /lib/libattr.so.1.1.0
083ac000-083cd000 rw-p 083ac000 00:00 0          [heap]
b7f49000-b7f4b000 rw-p b7f49000 00:00 0
bffc1000-bffd6000 rw-p bffe9000 00:00 0          [stack]
Abort (core dumped)
Exit 134

(about half of the time just dumps core without a glibc backtrace)


Expected results:

Some sort of error message


Additional info:

RHEL 5.6 with all updates. The NFSv4 server is also RHEL 5.6
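
Added example (not part of the original report and not nfs4-acl-tools code): a strict parser for the NFSv4 ACE form "type:flags:principal:permissions" that rejects the setfacl-style string from the report with an error code and frees only memory it allocated itself. The names ace_parse, struct ace_spec and the ACE_* codes are hypothetical, the accepted characters follow nfs4_acl(5), and the cause of the crash inside nfs4_setfacl is not established on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum ace_err { ACE_OK = 0, ACE_EFIELDS, ACE_ETYPE, ACE_EFLAGS, ACE_EWHO, ACE_EPERMS, ACE_ENOMEM };

/* Hypothetical parsed form: the four fields all point into one heap buffer. */
struct ace_spec { char *buf; const char *type, *flags, *who, *perms; };

static int only(const char *s, const char *allowed) {
    return s[strspn(s, allowed)] == '\0';
}

/* Parse "type:flags:principal:permissions". On any failure the buffer is
 * released here and *out is zeroed, so a caller never frees a stray pointer. */
enum ace_err ace_parse(const char *spec, struct ace_spec *out) {
    char *f[4], *p;
    int n = 0;
    enum ace_err e = ACE_OK;
    size_t len = strlen(spec) + 1;
    memset(out, 0, sizeof *out);
    if ((p = malloc(len)) == NULL) return ACE_ENOMEM;
    memcpy(p, spec, len);
    out->buf = p;
    f[n++] = p;
    for (; *p; p++)
        if (*p == ':') {
            if (n == 4) { e = ACE_EFIELDS; goto fail; }   /* more than four fields */
            *p = '\0';
            f[n++] = p + 1;
        }
    if (n != 4) e = ACE_EFIELDS;                          /* e.g. user:anogin:rw */
    else if (strlen(f[0]) != 1 || !strchr("ADUL", f[0][0])) e = ACE_ETYPE;
    else if (!only(f[1], "fdnigSF")) e = ACE_EFLAGS;
    else if (f[2][0] == '\0') e = ACE_EWHO;
    else if (f[3][0] == '\0' || !only(f[3], "rwaxdDtTnNcCoyRWX")) e = ACE_EPERMS;
    if (e != ACE_OK) goto fail;
    out->type = f[0]; out->flags = f[1]; out->who = f[2]; out->perms = f[3];
    return ACE_OK;
fail:
    free(out->buf);
    memset(out, 0, sizeof *out);
    return e;
}

int main(void) {
    struct ace_spec a;
    int bad = ace_parse("user:anogin:rw", &a);            /* string from the report */
    int ok = ace_parse("A::anogin@example.com:rw", &a);   /* constructed NFSv4-style ACE */
    printf("setfacl-style: %d, nfs4-style: %d\n", bad, ok);
    free(a.buf);
    return 0;
}
```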

Comment 4 RHEL Program Management 2014-03-07 13:31:49 UTC
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.

Comment 5 RHEL Program Management 2014-06-02 13:00:30 UTC
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).

