On Friday 28 August 2009 19:20:52 Andriy Gapon wrote:
> on 27/08/2009 20:04 Andriy Gapon said the following:
> > [KCrash handler]
> > #6 0x0000000803dad5e0 in acl_dup () from /lib/libc.so.7
> > #7 0x0000000803d7cc87 in acl_to_text_np () from /lib/libc.so.7
> > #8 0x0000000800a3d4af in KACL::asString () from
> > /usr/local/lib/libkio.so.6 #9 0x0000000800ab4f31 in
> > KFilePermissionsPropsPlugin::KFilePermissionsPropsPlugin () from
> > /usr/local/lib/libkio.so.6
> > #10 0x0000000800ab73f0 in KPropertiesDialog::insertPages ()
> > from /usr/local/lib/libkio.so.6
> > #11 0x0000000800ab751e in KPropertiesDialog::init ()
> > from /usr/local/lib/libkio.so.6
> > ...
>
> I think that I found a cause and it actually makes me wonder why I got this
> crash only now.
> So constructor of KFilePermissionsPropsPlugin (see
> kio/kfile/kpropertiesdialog.cpp) has the following:
> 1573 d->extendedACL = item->ACL();
> 1574 d->defaultACL = item->defaultACL();
> and these lines are executed unconditionally (regardless of any filesystem
> properties or configuration settings).
> extendedACL and defaultACL variables of KACL type and this is how KACL copy
> constructor looks:
> 99 KACL::KACL( const KACL& rhs )
> 100 : d( new KACLPrivate )
> 101 {
> 102 setACL( rhs.asString() );
> 103 }
>
> asString method tries to convert m_acl member to string.
> Initially m_acl is set to zero, so it's not a valid acl(3) handle.
> Thus, when acl_to_text is called on zero acl_t variable a crash happens in
> libc.
>
> The following small patch helped me:
> --- kio/kio/kacl.cpp.orig 2006-01-19 19:06:10.000000000 +0200
> +++ kio/kio/kacl.cpp 2009-08-28 20:10:02.171081167 +0300
> @@ -606,7 +606,10 @@
> QString KACL::asString() const
> {
> #ifdef USE_POSIX_ACL
> - return aclAsString( d->m_acl );
> + if (d->m_acl)
> + return aclAsString( d->m_acl );
> + else
> + return QString::null;
> #else
> return QString::null;
> #endif
>
> The idea is to return QString::null if d->m_acl is not initialized (zero).
The real problem is not the kdelibs3 implementation but a regression in
FreeBSD introduced with the NFSv4 ACL import (rev 194955).
Before the import, acl_to_text checked if the passed acl_t was a NULL pointer
and aborted. Although this still happens, the original POSIX.1e function is
now called through a wrapper (acl_to_text_np) which determines what type of
ACL is being passed and in the process dereferences the passed acl_t without
checking if it is a NULL pointer.
The attached patch should fix this (only compile tested). Other acl functions
may have the same regression concerning POSIX.1e. From a very quick glance, at
least acl_calc_mask does, maybe others.
trasz: Can this be fixed in time for 8-RELEASE?
Thanks,
Markus
--- lib/libc/posix1e/acl_to_text.c.orig 2009-09-01 17:01:03.000000000 +0200
+++ lib/libc/posix1e/acl_to_text.c 2009-09-01 17:19:54.000000000 +0200
@@ -70,11 +70,6 @@
if (buf == NULL)
return(NULL);
- if (acl == NULL) {
- errno = EINVAL;
- return(NULL);
- }
-
acl_int = &acl->ats_acl;
mask_perm = ACL_PERM_BITS; /* effective is regular if no mask */
@@ -242,6 +237,10 @@
char *
acl_to_text_np(acl_t acl, ssize_t *len_p, int flags)
{
+ if (acl == NULL) {
+ errno = EINVAL;
+ return(NULL);
+ }
switch (_acl_brand(acl)) {
case ACL_BRAND_POSIX:
--- lib/libc/posix1e/acl_calc_mask.c.orig 2009-09-01 18:15:12.000000000 +0200
+++ lib/libc/posix1e/acl_calc_mask.c 2009-09-01 18:18:04.000000000 +0200
@@ -50,12 +50,6 @@
acl_t acl_new;
int i, mask_mode, mask_num;
- if (!_acl_brand_may_be(*acl_p, ACL_BRAND_POSIX)) {
- errno = EINVAL;
- return (-1);
- }
- _acl_brand_as(*acl_p, ACL_BRAND_POSIX);
-
/*
* (23.4.2.4) requires acl_p to point to a pointer to a valid ACL.
* Since one of the primary reasons to use this function would be
@@ -67,6 +61,13 @@
errno = EINVAL;
return (-1);
}
+
+ if (!_acl_brand_may_be(*acl_p, ACL_BRAND_POSIX)) {
+ errno = EINVAL;
+ return (-1);
+ }
+ _acl_brand_as(*acl_p, ACL_BRAND_POSIX);
+
acl_int = &(*acl_p)->ats_acl;
if ((acl_int->acl_cnt < 3) || (acl_int->acl_cnt > ACL_MAX_ENTRIES)) {
errno = EINVAL;
_______________________________________________
kde-freebsd mailing list
kde-freebsd@kde.org
https://mail.kde.org/mailman/listinfo/kde-freebsd
See also http://freebsd.kde.org/ for latest information
