Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 7 Jan 2010 17:20:04 GMT
From:      Efstratios Karatzas <gpf.kira@gmail.com>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/139606: pkg_add(1) coredumps silently on atlantis symlink
Message-ID:  <201001071720.o07HK4W8087524@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/139606; it has been noted by GNATS.

From: Efstratios Karatzas <gpf.kira@gmail.com>
To: bug-followup@freebsd.org, phk@critter.freebsd.dk
Cc:  
Subject: Re: bin/139606: pkg_add(1) coredumps silently on atlantis symlink
Date: Thu, 7 Jan 2010 19:13:06 +0200

 --0016e6d784ee4cb473047c962fe0
 Content-Type: text/plain; charset=UTF-8
 
 Hello!
 
 Why pkg_add crashes:
 
 The problem exists in function fexists() which resides in file
 src/usr.sbin/pkg_install/lib/file.c
 
 The function is supposed to check if a file exists, but lstat(2) is
 being used instead of stat(2).
 lstat(2) checks only if the symbolic link file exists and not the
 actual file that the symbolic link points to.
 So, the symbolic link file exists, lstat returns 0. In
 src/usr.sbin/pkg_install/add/main.c we pass the check in line #247 and
 strdup(3) crashes because realpath(3) returns NULL. realpath() returns
 NULL because the actual file does not really exist.
 
 Fix:
 
 Instead of lstat(2) in file.c use stat(2). There is no reason to use
 lstat since we don't want to perform any special checks in case it is
 a sym link. So we use stat(2) which checks if the actual file that the
 symlink points to exists. This is done in patch-a-1.diff
 
 But the strdup(realpath()) call is still likely to cause a seg fault
 because there is a race condition: Check done (ok) -> file erased
 somehow -> realpath returns NULL -> strdup goes boom. So we check for
 the return value of the realpath() function too. This is done in
 patch-b-1.diff
 
 With these patches, the utility will just exist gracefully with an
 appropriate error message when, in pkg_perform, it cannot stat the
 actual file, so no crashes:
 
 ps: A lot of race conditions still exist in this utility but that is
 for another pr, another time.
 don't know if these are of any use but the original files I used are:
 
 main.c SVN rev 201226
 file.c SVN rev 198460
 
 Cheers
 
 -- 
 
 Efstratios "GPF" Karatzas
 
 --0016e6d784ee4cb473047c962fe0
 Content-Type: application/octet-stream; name="patch-a-1.diff"
 Content-Disposition: attachment; filename="patch-a-1.diff"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: f_g45ryqr81
 
 LS0tIGZpbGUub3JpZy5jCTIwMTAtMDEtMDcgMTc6NTg6MTkuMDAwMDAwMDAwICswMjAwCisrKyBm
 aWxlLmMJMjAxMC0wMS0wNyAxNzo1OToyNy4wMDAwMDAwMDAgKzAyMDAKQEAgLTMyLDcgKzMyLDcg
 QEAKIGZleGlzdHMoY29uc3QgY2hhciAqZm5hbWUpCiB7CiAgICAgc3RydWN0IHN0YXQgZHVtbXk7
 Ci0gICAgaWYgKCFsc3RhdChmbmFtZSwgJmR1bW15KSkKKyAgICBpZiAoIXN0YXQoZm5hbWUsICZk
 dW1teSkpCiAJcmV0dXJuIFRSVUU7CiAgICAgcmV0dXJuIEZBTFNFOwogfQo=
 --0016e6d784ee4cb473047c962fe0
 Content-Type: application/octet-stream; name="patch-b-1.diff"
 Content-Disposition: attachment; filename="patch-b-1.diff"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: f_g45rz8tm2
 
 LS0tIG1haW4ub3JpZy5jCTIwMTAtMDEtMDcgMTg6Mjg6NTguMDAwMDAwMDAwICswMjAwCisrKyBt
 YWluLmMJMjAxMC0wMS0wNyAxODozNjoxNC4wMDAwMDAwMDAgKzAyMDAKQEAgLTI0NCw4ICsyNDQs
 MTIgQEAKIAkJICAgIGVycngoMSwgInBhY2thZ2UgbmFtZSB0b28gbG9uZyIpOwogCQlwa2dzW2No
 XSA9IHN0cmR1cCh0ZW1wKTsKIAkgICAgfSBlbHNlIHsJCQkvKiBleHBhbmQgYWxsIHBhdGhuYW1l
 cyB0byBmdWxsbmFtZXMgKi8KLQkJaWYgKGZleGlzdHMoKmFyZ3YpKSAvKiByZWZlcnMgdG8gYSBm
 aWxlIGRpcmVjdGx5ICovCi0JCSAgICBwa2dzW2NoXSA9IHN0cmR1cChyZWFscGF0aCgqYXJndiwg
 dGVtcCkpOworCQlpZiAoZmV4aXN0cygqYXJndikpIHsgLyogcmVmZXJzIHRvIGEgZmlsZSBkaXJl
 Y3RseSAqLworCQkgICAgLyogcmFjZSBjb25kaXRpb24gc28gY2hlY2sgZm9yIHJldHVybiB2YWx1
 ZSBvZiByZWFscGF0aCgpICovCisJCSAgICBpZiAocmVhbHBhdGgoKmFyZ3YsIHRlbXApKSB7CisJ
 CQlwa2dzW2NoXSA9IHN0cmR1cCh0ZW1wKTsKKwkJICAgIH0KKwkJfQogCQllbHNlIHsJCS8qIGxv
 b2sgZm9yIHRoZSBmaWxlIGluIHRoZSBleHBlY3RlZCBwbGFjZXMgKi8KIAkJICAgIGlmICghKGNw
 ID0gZmlsZUZpbmRCeVBhdGgoTlVMTCwgKmFyZ3YpKSkgewogCQkJLyogbGV0IHBrZ19kbygpIGZh
 aWwgbGF0ZXIsIHNvIHRoYXQgZXJyb3IgaXMgcmVwb3J0ZWQgKi8K
 --0016e6d784ee4cb473047c962fe0--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001071720.o07HK4W8087524>