From phk@critter.freebsd.dk  Wed Oct 14 15:31:59 2009
Message-Id: <200910141515.n9EFFlXh032452@critter.freebsd.dk>
Date: Wed, 14 Oct 2009 15:15:47 GMT
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Reply-To: Poul-Henning Kamp <phk@critter.freebsd.dk>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: pkg_add coredumps silently on atlantis symlink
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         139606
>Category:       bin
>Synopsis:       [patch] pkg_add(1) coredumps silently on atlantis symlink
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    portmgr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 14 15:40:00 UTC 2009
>Closed-Date:    Mon May 21 13:33:20 UTC 2012
>Last-Modified:  Mon May 21 13:33:20 UTC 2012
>Originator:     Poul-Henning Kamp
>Release:        FreeBSD 7.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD ni-drift.freebsd.dk 7.2-STABLE FreeBSD 7.2-STABLE #0: Wed Oct 14 10:26:24 UTC 2009 root@ni-drift.freebsd.dk:/usr/obj/freebsd/stable_7/sys/GENERIC i386


>Description:

        Silent core-dump when pkg_add is given a symlink that
        points nowhere.

>How-To-Repeat:

        ni-drift# ln -s foo/bar/barf pkg.tbz
        ni-drift# pkg_add !$
        pkg_add pkg.tbz
        Segmentation fault (core dumped)
        ni-drift# 

>Fix:

>Release-Note:
>Audit-Trail:

From: Efstratios Karatzas <gpf.kira@gmail.com>
To: bug-followup@freebsd.org, phk@critter.freebsd.dk
Cc:  
Subject: Re: bin/139606: pkg_add(1) coredumps silently on atlantis symlink
Date: Thu, 7 Jan 2010 19:13:06 +0200

 
 Hello!
 
 Why pkg_add crashes:
 
 The problem exists in function fexists() which resides in file
 src/usr.sbin/pkg_install/lib/file.c
 
 The function is supposed to check if a file exists, but lstat(2) is
 being used instead of stat(2).
 lstat(2) checks only if the symbolic link file exists and not the
 actual file that the symbolic link points to.
 So, the symbolic link file exists, lstat returns 0. In
 src/usr.sbin/pkg_install/add/main.c we pass the check in line #247 and
 strdup(3) crashes because realpath(3) returns NULL. realpath() returns
 NULL because the actual file does not really exist.
 
 Fix:
 
 Instead of lstat(2) in file.c use stat(2). There is no reason to use
 lstat since we don't want to perform any special checks in case it is
 a sym link. So we use stat(2) which checks if the actual file that the
 symlink points to exists. This is done in patch-a-1.diff
 
 But the strdup(realpath()) call is still likely to cause a seg fault
 because there is a race condition: Check done (ok) -> file erased
 somehow -> realpath returns NULL -> strdup goes boom. So we check for
 the return value of the realpath() function too. This is done in
 patch-b-1.diff
 
 With these patches, the utility will just exit gracefully with an
 appropriate error message when, in pkg_perform, it cannot stat the
 actual file, so no crashes:
 
 ps: A lot of race conditions still exist in this utility but that is
 for another pr, another time.
 I don't know if these are of any use, but the original files I used are:
 
 main.c SVN rev 201226
 file.c SVN rev 198460
 
 Cheers
 
 -- 
 
 Efstratios "GPF" Karatzas
 
 Content-Disposition: attachment; filename="patch-a-1.diff"
 Content-Disposition: attachment; filename="patch-b-1.diff"

From: Garrett Cooper <yanegomi@gmail.com>
To: bug-followup@FreeBSD.org, phk@critter.freebsd.dk
Cc:  
Subject: Re: bin/139606: [patch] pkg_add(1) coredumps silently on atlantis 
	symlink
Date: Sat, 20 Mar 2010 23:44:06 -0700

 Hi PHK,
     The goals of this change are good and while this does do a better
 job than the other proposed change (bin/136419), there's one solitary
 problem: fexists is used all over the pkg_install code and minus the
 occasional corner case it's been relatively glitch free. Changing this
 code to use stat(2) instead of lstat(2) may have some unexpected
 consequences -- it would probably just be a wiser idea to 1) leave the
 code alone with the issue documented or 2) implement stat(2) in that
 section of code, because we know it's a problem section of code that
 needs to be resolved. Not doing this will result in potential
 regressive churn if it hasn't been adequately tested with a fine tooth
 comb.
 Thanks,
 -Garrett

From: Efstratios Karatzas <gpf.kira@gmail.com>
To: bug-followup@freebsd.org
Cc: Garrett Cooper <yanefbsd@gmail.com>
Subject: Re: bin/139606: [patch] pkg_add(1) coredumps silently on atlantis 
	symlink
Date: Mon, 22 Mar 2010 23:26:30 +0200

 
 Yo Garrett.
 
 I concur with your statement. Even a minor change to a library method
 should not be taken lightly. Regrettably, I don't have the time to
 perform a foolproof testing of my original patch to all of the
 utilities that use this library; most of my free time goes to my
 preparation for the coming gsoc.
 
 On the other hand, leaving the bug as is does not sit well with me. So
 here is a fix for this particular part of the code. I may be a little
 sleepy as I'm writing this but everything seems okay, no segfaults or
 pissed off compilers.
 
 Thanks for your time!
 
 -- 
 
 Efstratios "GPF" Karatzas
 
 Content-Disposition: attachment; filename="patch-2.diff"
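An added example, not pkg_install code, that puts the diagnosis from the first follow-up (lstat(2) accepting a dangling symlink, after which strdup(realpath()) dereferences NULL) next to the stat(2)-plus-realpath(3) check that the second follow-up's patch-2.diff applies in main.c; the function names and the /tmp link name are my own choices, and the symlink it creates is constructed input mirroring the "ln -s foo/bar/barf pkg.tbz" reproduction in the report.

```c
#define _XOPEN_SOURCE 700
#include <sys/stat.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* The original fexists() logic as described in the report: lstat(2) looks at
 * the link itself, so a dangling symlink counts as "exists". */
static int fexists_lstat(const char *fname)
{
    struct stat dummy;
    return lstat(fname, &dummy) == 0;
}

/* Hardened version of the main.c path expansion: stat(2) follows the link, and
 * realpath(3)'s return value is checked before strdup(3) ever sees it, so a
 * file removed between the two calls cannot turn into strdup(NULL). */
static char *resolve_package_path(const char *arg)
{
    struct stat dummy;
    char temp[PATH_MAX];

    if (stat(arg, &dummy) != 0)
        return NULL;            /* dangling symlink or missing file */
    if (realpath(arg, temp) == NULL)
        return NULL;            /* vanished between check and use (race) */
    return strdup(temp);        /* caller frees */
}

/* Constructed input: creates a symlink to a target that does not exist, like
 * "ln -s foo/bar/barf pkg.tbz" in the report. Returns 1 when the old check
 * accepts it while the hardened path rejects it, 0 otherwise, -1 on error. */
static int demo_dangling_symlink(const char *linkname)
{
    int old_accepts, hardened_rejects;
    char *resolved;

    unlink(linkname);
    if (symlink("foo/bar/barf", linkname) != 0)
        return -1;
    old_accepts = fexists_lstat(linkname);
    resolved = resolve_package_path(linkname);
    hardened_rejects = (resolved == NULL);
    free(resolved);
    unlink(linkname);
    return old_accepts && hardened_rejects;
}
```

Calling demo_dangling_symlink("/tmp/pkg_demo_link.tbz") returns 1: the lstat-based check says the package file exists while the stat/realpath path correctly reports that it does not, which is exactly the gap the segfault fell through.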
State-Changed-From-To: open->patched 
State-Changed-By: flz 
State-Changed-When: Thu Apr 1 17:11:03 UTC 2010 
State-Changed-Why:  
A patch addressing the symlink issue was committed to HEAD. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139606 
Responsible-Changed-From-To: freebsd-bugs->portmgr 
Responsible-Changed-By: flz 
Responsible-Changed-When: Thu Apr 1 17:20:08 UTC 2010 
Responsible-Changed-Why:  
pkg_install is maintained by portmgr. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139606 
State-Changed-From-To: patched->closed 
State-Changed-By: bapt 
State-Changed-When: Mon May 21 13:33:19 UTC 2012 
State-Changed-Why:  
A fix has already been committed 

http://www.freebsd.org/cgi/query-pr.cgi?pr=139606 
>Unformatted:
