From nobody@FreeBSD.org  Sat Mar 27 22:13:45 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CFDF7106568B
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 27 Mar 2010 22:13:45 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id BE2DE8FC17
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 27 Mar 2010 22:13:45 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o2RMDjH9080466
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 27 Mar 2010 22:13:45 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o2RMDjNB080465;
	Sat, 27 Mar 2010 22:13:45 GMT
	(envelope-from nobody)
Message-Id: <201003272213.o2RMDjNB080465@www.freebsd.org>
Date: Sat, 27 Mar 2010 22:13:45 GMT
From: Dan van Pelt <dan@chem.wwu.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: getfacl segfault on ZFS / NFSv4 acl enumeration
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         145091
>Category:       amd64
>Synopsis:       getfacl segfault on ZFS / NFSv4 acl enumeration
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    trasz
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 27 22:20:08 UTC 2010
>Closed-Date:    Tue Apr 13 06:01:36 UTC 2010
>Last-Modified:  Tue Apr 13 06:10:02 UTC 2010
>Originator:     Dan van Pelt
>Release:        8 STABLE
>Organization:
>Environment:
FreeBSD f80-2.chem.wwu.edu 8.0-STABLE FreeBSD 8.0-STABLE #0: Sat Mar 27 10:38:33 PDT 2010     dan@f80-2.chem.wwu.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:

This machine is running samba 3.4 / winbind and is joined to an active directory domain as a member server to act as a file server.  The volume being served is a ZFS volume where we wish to use nfs4 acls where the subjects are domain objects (groups, etc).  If a nfs4 acl is applied to a directory on the zfs volume that contains a group in AD, attempts to enumerate the acl with getfacl fail with a segfault.

>How-To-Repeat:
f80-2# mount
/dev/ad4s1a on / (ufs, local)
devfs on /dev (devfs, local, multilabel)
/dev/ad4s1d on /tmp (ufs, local, soft-updates)
/dev/ad4s1f on /usr (ufs, local, soft-updates)
/dev/ad4s1e on /var (ufs, local, soft-updates)
data on /data (zfs, local)
f80-2# getfacl /data/dan
# file: /data/dan
# owner: root
# group: wheel
            owner@:--------------:------:deny
            owner@:rwxp---A-W-Co-:------:allow
            group@:-w-p----------:------:deny
            group@:r-x-----------:------:allow
         everyone@:-w-p---A-W-Co-:------:deny
         everyone@:r-x---a-R-c--s:------:allow
f80-2# setfacl -m group:grp.my.ad.group:rwx:allow /data/dan
f80-2# getfacl /data/dan
# file: /data/dan
# owner: root
# group: wheel
Segmentation fault (core dumped)
f80-2# gdb /bin/getfacl
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
(gdb) run /data/dan
Starting program: /bin/getfacl /data/dan
# file: /data/dan
# owner: root
# group: wheel

Program received signal SIGSEGV, Segmentation fault.
memset () at /usr/src/lib/libc/amd64/string/memset.S:56
56      L1:     rep
Current language:  auto; currently asm
(gdb) bt
#0  memset () at /usr/src/lib/libc/amd64/string/memset.S:56
#1  0x00000008006b00f4 in _nfs4_acl_to_text_np (aclp=0x800a3a000, len_p=0x0,
    flags=Variable "flags" is not available.
) at /usr/src/lib/libc/posix1e/acl_to_text_nfs4.c:193
#2  0x0000000800682b25 in acl_to_text_np (acl=0x800a3a000, len_p=0x0, flags=0)
    at /usr/src/lib/libc/posix1e/acl_to_text.c:250
#3  0x000000000040107a in print_acl (path=0x7fffffffedbd "/data/dan", type=4,
    hflag=Variable "hflag" is not available.
) at /usr/src/bin/getfacl/getfacl.c:248
#4  0x0000000000401885 in main (argc=1, argv=Variable "argv" is not available.
)
    at /usr/src/bin/getfacl/getfacl.c:334
(gdb) quit
The program is running.  Exit anyway? (y or n) y
f80-2#
>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-amd64->trasz 
Responsible-Changed-By: trasz 
Responsible-Changed-When: Sun Mar 28 15:23:30 UTC 2010 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145091 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: amd64/145091: commit references a PR
Date: Sun, 28 Mar 2010 17:29:27 +0000 (UTC)

 Author: trasz
 Date: Sun Mar 28 17:29:15 2010
 New Revision: 205796
 URL: http://svn.freebsd.org/changeset/base/205796
 
 Log:
   Make acl_to_text_np(3) not crash on long group or user names in NFSv4 ACLs.
   
   PR:		amd64/145091
   MFC after:	2 weeks
 
 Modified:
   head/lib/libc/posix1e/acl_to_text_nfs4.c
 
 Modified: head/lib/libc/posix1e/acl_to_text_nfs4.c
 ==============================================================================
 --- head/lib/libc/posix1e/acl_to_text_nfs4.c	Sun Mar 28 17:17:32 2010	(r205795)
 +++ head/lib/libc/posix1e/acl_to_text_nfs4.c	Sun Mar 28 17:29:15 2010	(r205796)
 @@ -167,7 +167,7 @@ format_additional_id(char *str, size_t s
  static int
  format_entry(char *str, size_t size, const acl_entry_t entry, int flags)
  {
 -	size_t off = 0, padding_length, maximum_who_field_length = 18;
 +	size_t off = 0, min_who_field_length = 18;
  	acl_permset_t permset;
  	acl_flagset_t flagset;
  	int error, len;
 @@ -188,12 +188,9 @@ format_entry(char *str, size_t size, con
  	if (error)
  		return (error);
  	len = strlen(buf);
 -	padding_length = maximum_who_field_length - len;
 -	if (padding_length > 0) {
 -		memset(str, ' ', padding_length);
 -		off += padding_length;
 -	}
 -	off += snprintf(str + off, size - off, "%s:", buf);
 +	if (len < min_who_field_length)
 +		len = min_who_field_length;
 +	off += snprintf(str + off, size - off, "%*s:", len, buf);
  
  	error = _nfs4_format_access_mask(buf, sizeof(buf), *permset,
  	    flags & ACL_TEXT_VERBOSE);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->patched 
State-Changed-By: trasz 
State-Changed-When: Sun Mar 28 19:13:03 UTC 2010 
State-Changed-Why:  
Fixed in HEAD. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=145091 
State-Changed-From-To: patched->closed 
State-Changed-By: trasz 
State-Changed-When: Tue Apr 13 06:01:36 UTC 2010 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=145091 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: amd64/145091: commit references a PR
Date: Tue, 13 Apr 2010 06:01:44 +0000 (UTC)

 Author: trasz
 Date: Tue Apr 13 06:01:24 2010
 New Revision: 206542
 URL: http://svn.freebsd.org/changeset/base/206542
 
 Log:
   MFC r205796:
   
   Make acl_to_text_np(3) not crash on long group or user names in NFSv4 ACLs.
   
   PR:		amd64/145091
 
 Modified:
   stable/8/lib/libc/posix1e/acl_to_text_nfs4.c
 Directory Properties:
   stable/8/lib/libc/   (props changed)
   stable/8/lib/libc/stdtime/   (props changed)
 
 Modified: stable/8/lib/libc/posix1e/acl_to_text_nfs4.c
 ==============================================================================
 --- stable/8/lib/libc/posix1e/acl_to_text_nfs4.c	Tue Apr 13 03:10:38 2010	(r206541)
 +++ stable/8/lib/libc/posix1e/acl_to_text_nfs4.c	Tue Apr 13 06:01:24 2010	(r206542)
 @@ -167,7 +167,7 @@ format_additional_id(char *str, size_t s
  static int
  format_entry(char *str, size_t size, const acl_entry_t entry, int flags)
  {
 -	size_t off = 0, padding_length, maximum_who_field_length = 18;
 +	size_t off = 0, min_who_field_length = 18;
  	acl_permset_t permset;
  	acl_flagset_t flagset;
  	int error, len;
 @@ -188,12 +188,9 @@ format_entry(char *str, size_t size, con
  	if (error)
  		return (error);
  	len = strlen(buf);
 -	padding_length = maximum_who_field_length - len;
 -	if (padding_length > 0) {
 -		memset(str, ' ', padding_length);
 -		off += padding_length;
 -	}
 -	off += snprintf(str + off, size - off, "%s:", buf);
 +	if (len < min_who_field_length)
 +		len = min_who_field_length;
 +	off += snprintf(str + off, size - off, "%*s:", len, buf);
  
  	error = _nfs4_format_access_mask(buf, sizeof(buf), *permset,
  	    flags & ACL_TEXT_VERBOSE);
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
