From nobody@FreeBSD.org  Fri Sep 22 18:57:13 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 49AD316A407
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 22 Sep 2006 18:57:13 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CBAB043D45
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 22 Sep 2006 18:57:12 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k8MIvCo2063395
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 22 Sep 2006 18:57:12 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k8MIvClv063394;
	Fri, 22 Sep 2006 18:57:12 GMT
	(envelope-from nobody)
Message-Id: <200609221857.k8MIvClv063394@www.freebsd.org>
Date: Fri, 22 Sep 2006 18:57:12 GMT
From: Fabian Wenk <fabian@wenks.ch>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Corrupted files in copy-pass mode with cpio 2.4.2 and 2.5
X-Send-Pr-Version: www-2.3

>Number:         103496
>Category:       gnu
>Synopsis:       [patch] Corrupted files in copy-pass mode with cpio 2.4.2 and 2.5
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 22 19:00:30 GMT 2006
>Closed-Date:    Mon Oct 23 03:35:03 GMT 2006
>Last-Modified:  Mon Oct 23 03:35:03 GMT 2006
>Originator:     Fabian Wenk
>Release:        4.11, 5.4, 6.0, 6.1
>Organization:
>Environment:
FreeBSD batman.home4u.ch 4.11-RELEASE-p21 FreeBSD 4.11-RELEASE-p21 #12: Sat Sep 16 13:38:13 CEST 2006     root@batman.home4u.ch:/usr/obj/usr/src/sys/BATMAN  i386
FreeBSD glaernisch.ethz.ch 5.4-RELEASE-p12 FreeBSD 5.4-RELEASE-p12 #10: Wed Mar  1 21:21:28 CET 2006     root@glaernisch.ethz.ch:/usr/obj/usr/src/sys/GLAERNISCH  i386
FreeBSD tamesis.ethz.ch 6.0-RELEASE-p7 FreeBSD 6.0-RELEASE-p7 #1: Sun Apr 30 22:47:38 CEST 2006     root@tamesis.ethz.ch:/usr/obj/usr/src/sys/TAMESIS  i386
FreeBSD muertschen.ethz.ch 6.1-RELEASE-p5 FreeBSD 6.1-RELEASE-p5 #4: Mon Aug 28 16:47:03 CEST 2006     root@muertschen.ethz.ch:/usr/obj/usr/src/sys/MUERTSCHEN  i386
>Description:
We use cpio in a script to do snapshot backup of our file servers. The users
have read only access to their own files on the backup servers.

In some cases we have files on the backup which at the beginning contain
some bytes of the preceding file and missing the same amount of bytes at
the end (file size and modification time are the same as in the original
file). This missing bytes then can again be at the beginning of the next
file, and so on.

This creates corrupted files on the backup and in some cases this can be
an information leak if the preceding or subsequent file belongs to a
different user.

My co-worker Axel Beckert found the bug report "Corrupted files in copy-pass
mode with cpio 2.4.2 and 2.5" [1] from Holger Fleischmann in the GNU mail
archive from March 2004.

  [1] http://lists.gnu.org/archive/html/bug-cpio/2004-03/msg00000.html

This exactly matches the problem we see. During some testing it seems that
the maximum shifting is at around 512 bytes. After appling the patch below
and rebuilding and installing cpio, we could not reproduce it again.

Here are the relevant informations from the GNU cpio change logs:
---8<----------------------------------------------------------------
2004-03-02  Sergey Poznyakoff  <gray@Mirddin.farlep.net>

	* src/util.c (copy_files_disk_to_disk): Bugfix. If a file
	grew n bytes in copy-pass mode, these n bytes got prepended
	to the contents of all subsequent files. Fix provided by
	Holger Fleischmann <holger_fleischmann@mra.man.de>
	* THANKS: Added Holger Fleischmann.
---8<----------------------------------------------------------------
>How-To-Repeat:
See "Reproducing the bug" in [1].
>Fix:
Patch created from GNU cvs [2]:
---8<----------------------------------------------------------------
*** cpio/cpio/src/util.c	2004/02/27 14:18:23	1.2
--- cpio/cpio/src/util.c	2004/03/02 09:20:57	1.3
***************
*** 540,546 ****
    while (num_bytes > 0)
      {
        if (input_size == 0)
! 	if (rc = disk_fill_input_buffer (in_des, DISK_IO_BLOCK_SIZE))
  	  {
  	    if (rc > 0)
  	      error (0, 0, _("File %s shrunk by %ld bytes, padding with zeros"),
--- 540,546 ----
    while (num_bytes > 0)
      {
        if (input_size == 0)
! 	if (rc = disk_fill_input_buffer (in_des, num_bytes))
  	  {
  	    if (rc > 0)
  	      error (0, 0, _("File %s shrunk by %ld bytes, padding with zeros"),
---8<----------------------------------------------------------------

  [2] http://cvs.savannah.gnu.org/viewcvs/cpio/cpio/src/util.c?r1=1.2&r2=1.3&diff_format=c
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: delphij 
State-Changed-When: Mon Oct 23 03:33:16 UTC 2006 
State-Changed-Why:  
GNU cpio 2.6 has been MFC'ed to RELENG_6, which should resolved 
the issue (i.e. it contains the fix). 


Responsible-Changed-From-To: freebsd-bugs->delphij 
Responsible-Changed-By: delphij 
Responsible-Changed-When: Mon Oct 23 03:33:16 UTC 2006 
Responsible-Changed-Why:  
Take.  Contact me if the change does not work for you. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=103496 
>Unformatted:
