Bug in rsyncd 2.5.0 while handling config file string values

tim.conway at philips.com
Tue Dec 4 03:45:10 EST 2001

Well, that's a bug, I'd reckon, but I want to point out that a config file 
with only one line is invalid.  You need to have at least a module and its 
path defined.  I wouldn't expect daemon mode to gracefully handle an 
invalid config, though simply declaring that the file is invalid and 
exiting would be nice.

Tim Conway
tim.conway at philips.com
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(nnnnnnnnnnnn, 
".\n" '
"There are some who call me.... Tim?"

Heikki Vatiainen <hessu at cs.tut.fi>
Sent by: rsync-admin at lists.samba.org
12/02/2001 06:14 AM

        To:     rsync at lists.samba.org
        cc:     (bcc: Tim Conway/LMT/SC/PHILIPS)
        Subject:        Bug in rsyncd 2.5.0 while handling config file string values

I compiled and tried rsync 2.5.0 but could not get the server
running. loadparm.c:string_set() now calls free() which it did not do
in 2.4.6 and this free() tries to free memory that was not allocated
with malloc.

Here is a gdb run (done after adding return before fork() in
become_daemon) which shows where it crashes and what my minimal config
file for demonstrating the bug was. The config file only had one line
which was: uid = foobar

/usr/local/src/rsync/rsync-2.5.0:>gdb ./rsync
GNU gdb 5.0.90-cvs (MI_OUT)

(gdb) r --daemon --config=../rsyncd.conf
Starting program: /usr/local/src/rsync/rsync-2.5.0/./rsync --daemon 

Program received signal SIGSEGV, Segmentation fault.
0x4009cb2d in free () from /lib/libc.so.6
(gdb) bt
#0  0x4009cb2d in free () from /lib/libc.so.6
#1  0x08061286 in string_set (s=0x807ace4, v=0x808b374 "foobar") at 
#2  0x08061a20 in lp_do_parameter (snum=-2, parmname=0x808b370 "uid", 
parmvalue=0x808b374 "foobar")
    at loadparm.c:647
#3  0x08061b8b in do_parameter (parmname=0x808b370 "uid", 
parmvalue=0x808b374 "foobar") at loadparm.c:678
#4  0x0806057b in Parameter (InFile=0x808b200, pfunc=0x8061b58 
<do_parameter>, c=0) at params.c:405
#5  0x080606a4 in Parse (InFile=0x808b200, sfunc=0, pfunc=0x8061b58 
<do_parameter>) at params.c:461
#6  0x08060848 in pm_process (FileName=0xbffff80c "../rsyncd.conf", 
    pfunc=0x8061b58 <do_parameter>) at params.c:540
#7  0x08061cc7 in lp_load (pszFname=0x808b1c0 "../rsyncd.conf", 
globals_only=1) at loadparm.c:747
#8  0x08063095 in daemon_main () at clientserver.c:506
#9  0x0805225a in main (argc=0, argv=0x0) at main.c:817
#10 0x400476ef in __libc_start_main () from /lib/libc.so.6

(gdb) select 1
(gdb) p s
$1 = (char **) 0x807ace4
(gdb) p *s
$2 = 0x807680c "nobody"

(gdb) p sDefault
$3 = {name = 0x0, path = 0x0, comment = 0x0, lock_file = 0x8076813 
  read_only = 1, list = 1, use_chroot = 1, transfer_logging = 0, 
ignore_errors = 0, 
  uid = 0x807680c "nobody", gid = 0x807680c "nobody", hosts_allow = 0x0, 
hosts_deny = 0x0, 
  auth_users = 0x0, secrets_file = 0x0, strict_modes = 1, exclude = 0x0, 
exclude_from = 0x0, 
  include = 0x0, include_from = 0x0, log_format = 0x80767f3 "%o %h [%a] %m 
(%u) %f %l", 
  refuse_options = 0x0, dont_compress = 0x80767c0 "*.gz *.tgz *.zip *.z 
*.rpm *.deb *.iso *.bz2 *.tbz", 
  timeout = 0, max_connections = 0, ignore_nonreadable = 0}

(gdb) shell cat ../rsyncd.conf 
uid = foobar

Heikki Vatiainen                  * hessu at cs.tut.fi
Tampere University of Technology  * Tampere, Finland
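
The failure mode reported above, reduced to a stand-alone sketch (an added example, not code from rsync or from either poster): defaults that point at string literals, a setter that frees the old value unconditionally, and one way to make that free() valid. The struct, the helper names and the copy-defaults-to-heap approach are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the defaults seen in gdb: pointers to string literals. */
struct service { char *uid; char *gid; };
static const struct service literal_defaults = { "nobody", "nobody" };

static char *dup_str(const char *v)   /* heap copy; NULL on allocation failure */
{
    size_t n = strlen(v) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, v, n) : NULL;
}

/* Reported pattern, for contrast only and never called: invalid free() is undefined. */
void string_set_unsafe(char **s, const char *v)
{
    free(*s);                 /* *s may still be a literal default */
    *s = dup_str(v);
}

/* Hardened step 1: copy the defaults to the heap before parsing any config line. */
int defaults_to_heap(struct service *sv)
{
    sv->uid = dup_str(literal_defaults.uid);
    sv->gid = dup_str(literal_defaults.gid);
    return (sv->uid && sv->gid) ? 0 : -1;
}

/* Hardened step 2: the setter only ever sees heap pointers or NULL. */
int string_set_safe(char **s, const char *v)
{
    char *copy = dup_str(v);
    if (!copy) return -1;     /* keep the old value if allocation fails */
    free(*s); *s = copy;
    return 0;
}

/* Applies the post's one-line config, "uid = foobar"; returns 0 on success. */
int apply_sample_config(void)
{
    struct service sv;
    int rc = -1;
    if (defaults_to_heap(&sv) == 0 && string_set_safe(&sv.uid, "foobar") == 0)
        rc = (strcmp(sv.uid, "foobar") || strcmp(sv.gid, "nobody")) ? 1 : 0;
    free(sv.uid); free(sv.gid);
    return rc;
}
int main(void) { return apply_sample_config(); }
```

Building with -fsanitize=address and calling string_set_unsafe on a literal default reports the invalid free at the call site, which is a quick check for this class of bug.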
