Bug in rsyncd 2.5.0 while handling config file string values

Heikki Vatiainen hessu at cs.tut.fi
Mon Dec 3 00:14:22 EST 2001

I compiled and tried rsync 2.5.0 but could not get the server
running. loadparm.c:string_set() now calls free() which it did not do
in 2.4.6 and this free() tries to free memory that was not allocated
with malloc.

Here is a gdb run (done after adding return before fork() in
become_daemon) which shows where it crashes and what my minimal config
file for demonstrating the bug was. The config file only had one line
which was: uid = foobar

/usr/local/src/rsync/rsync-2.5.0:>gdb ./rsync
GNU gdb 5.0.90-cvs (MI_OUT)

(gdb) r --daemon --config=../rsyncd.conf
Starting program: /usr/local/src/rsync/rsync-2.5.0/./rsync --daemon --config=../rsyncd.conf

Program received signal SIGSEGV, Segmentation fault.
0x4009cb2d in free () from /lib/libc.so.6
(gdb) bt
#0  0x4009cb2d in free () from /lib/libc.so.6
#1  0x08061286 in string_set (s=0x807ace4, v=0x808b374 "foobar") at loadparm.c:400
#2  0x08061a20 in lp_do_parameter (snum=-2, parmname=0x808b370 "uid", parmvalue=0x808b374 "foobar")
    at loadparm.c:647
#3  0x08061b8b in do_parameter (parmname=0x808b370 "uid", parmvalue=0x808b374 "foobar") at loadparm.c:678
#4  0x0806057b in Parameter (InFile=0x808b200, pfunc=0x8061b58 <do_parameter>, c=0) at params.c:405
#5  0x080606a4 in Parse (InFile=0x808b200, sfunc=0, pfunc=0x8061b58 <do_parameter>) at params.c:461
#6  0x08060848 in pm_process (FileName=0xbffff80c "../rsyncd.conf", sfunc=0, 
    pfunc=0x8061b58 <do_parameter>) at params.c:540
#7  0x08061cc7 in lp_load (pszFname=0x808b1c0 "../rsyncd.conf", globals_only=1) at loadparm.c:747
#8  0x08063095 in daemon_main () at clientserver.c:506
#9  0x0805225a in main (argc=0, argv=0x0) at main.c:817
#10 0x400476ef in __libc_start_main () from /lib/libc.so.6

(gdb) select 1
(gdb) p s
$1 = (char **) 0x807ace4
(gdb) p *s
$2 = 0x807680c "nobody"

(gdb) p sDefault
$3 = {name = 0x0, path = 0x0, comment = 0x0, lock_file = 0x8076813 "/var/run/rsyncd.lock", 
  read_only = 1, list = 1, use_chroot = 1, transfer_logging = 0, ignore_errors = 0, 
  uid = 0x807680c "nobody", gid = 0x807680c "nobody", hosts_allow = 0x0, hosts_deny = 0x0, 
  auth_users = 0x0, secrets_file = 0x0, strict_modes = 1, exclude = 0x0, exclude_from = 0x0, 
  include = 0x0, include_from = 0x0, log_format = 0x80767f3 "%o %h [%a] %m (%u) %f %l", 
  refuse_options = 0x0, dont_compress = 0x80767c0 "*.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz", 
  timeout = 0, max_connections = 0, ignore_nonreadable = 0}

(gdb) shell cat ../rsyncd.conf 
uid = foobar

Heikki Vatiainen                  * hessu at cs.tut.fi
Tampere University of Technology  * Tampere, Finland
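
The failure mode reported above, as an added sketch that is not rsync's code and not part of the original post: a setter that calls free() is only safe once every default has been copied to the heap. The names struct service, string_set_unsafe, init_service and demo are hypothetical; string_set borrows only the name from the backtrace.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical miniature of a config table; not rsync's loadparm.c. */
struct service { char *uid; char *gid; };

/* Defaults are string literals, as in the sDefault dump (uid and gid share one address). */
static struct service defaults = { "nobody", "nobody" };

/* Crash pattern, for contrast only (never called): free() on a non-malloc pointer. */
void string_set_unsafe(char **s, char *heap_copy)
{
    free(*s);                /* undefined behaviour when *s is a literal */
    *s = heap_copy;
}

/* Hardened setter. Invariant: *s is NULL or exclusively heap-owned. */
int string_set(char **s, const char *v)
{
    char *copy = NULL;
    if (v) {
        size_t n = strlen(v) + 1;
        if ((copy = malloc(n)) == NULL)
            return -1;       /* old value stays intact on failure */
        memcpy(copy, v, n);
    }
    free(*s);
    *s = copy;
    return 0;
}

/* Establish the invariant before parsing: give each field its own heap
 * copy of the default, so no literal or shared pointer reaches free(). */
int init_service(struct service *dst, const struct service *src)
{
    dst->uid = dst->gid = NULL;
    return (string_set(&dst->uid, src->uid) || string_set(&dst->gid, src->gid)) ? -1 : 0;
}

/* Apply "uid = foobar" and then a second override; returns 1 on success. */
int demo(struct service *live)
{
    if (init_service(live, &defaults) || string_set(&live->uid, "foobar") ||
        string_set(&live->uid, "daemon"))
        return -1;
    return strcmp(live->uid, "daemon") == 0 && strcmp(live->gid, "nobody") == 0;
}

int main(void) { struct service s; return demo(&s) == 1 ? 0 : 1; }
```

Running the unsafe variant under a heap checker such as valgrind or AddressSanitizer reports the invalid free at the call site rather than deep inside libc.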
