DO NOT REPLY [Bug 7489] New: rsyncd segfaults using daemon exclude filter
samba-bugs at samba.org
samba-bugs at samba.org
Wed Jun 2 15:11:10 MDT 2010
https://bugzilla.samba.org/show_bug.cgi?id=7489
Summary: rsyncd segfaults using daemon exclude filter
Product: rsync
Version: 3.0.6
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P3
Component: core
AssignedTo: wayned at samba.org
ReportedBy: michael.roberts at hp.com
QAContact: rsync-qa at samba.org
Using target side filters in rsyncd.conf works well for files that are
only manipulated on the target.
However, if files from the source system match a filter on the target you can
generate a core and rsync will stop responding on that system.
in /var/log/messages you will see:
May 28 19:47:06 v-lab-30-244-127 rsyncd[9157]: receiving file list
May 28 19:47:06 v-lab-30-244-127 rsyncd[9157]: skipping daemon-excluded
directory ".snap1"
May 28 19:47:06 v-lab-30-244-127 rsyncd[9157]: *** Skipping any contents from
this failed directory ***
May 28 13:47:06 v-lab-30-244-127 kernel: rsyncd[9157]: segfault at
fffffffffffffff9 rip 0000003ba1a758bb rsp 00007fff5b1c7750 error 4
In this case '.snap1' directory was created, and a file created in that
directory.
The target has a filter:
.fs_*/***
.snap*/***
which matches, and the daemon dumps core.
The problem appears in versions 3.0.6, 3.0.7 & HEAD, it is in generator.c.
There is an error path that takes a 'goto' that skips the initialization of sx
struct, then the cleanup tries to free random memory with a call to
free_acl(&sx). In acls.c the free is
void free_acl(stat_x *sxp)
{
if (sxp->acc_acl) {
rsync_acl_free(sxp->acc_acl);
free(sxp->acc_acl); <<<<<<< uninitialized
In version 3.0.6 the 'bad' goto is at line 1315:
rprintf(FERROR_XFER,
"skipping daemon-excluded %s \"%s\"\n",
is_dir ? "directory" : "file", fname);
if (is_dir)
goto skipping_dir_contents; <<<<<<<<<<<<<<<<<
bad goto
The fix is to move the initialization earlier in the code:
# diff -c generator.c.orig generator.c
*** generator.c.orig 2009-04-26 08:51:50.000000000 -0600
--- generator.c 2010-06-02 15:04:36.000000000 -0600
***************
*** 1300,1305 ****
--- 1300,1311 ----
skip_dir = NULL;
}
+ #ifdef SUPPORT_ACLS
+ sx.acc_acl = sx.def_acl = NULL;
+ #endif
+ #ifdef SUPPORT_XATTRS
+ sx.xattr = NULL;
+ #endif
if (daemon_filter_list.head && (*fname != '.' || fname[1])) {
if (check_filter(&daemon_filter_list, FLOG, fname, is_dir) < 0)
{
if (is_dir < 0)
***************
*** 1317,1328 ****
}
}
- #ifdef SUPPORT_ACLS
- sx.acc_acl = sx.def_acl = NULL;
- #endif
- #ifdef SUPPORT_XATTRS
- sx.xattr = NULL;
- #endif
if (dry_run > 1 || (dry_missing_dir && is_below(file,
dry_missing_dir))) {
parent_is_dry_missing:
if (fuzzy_dirlist) {
--- 1323,1328 ----
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the rsync
mailing list