acl-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Acl-devel] [PATCH 2/3] setfacl: fix restore crash on malformed input


From: Brandon Philips
Subject: [Acl-devel] [PATCH 2/3] setfacl: fix restore crash on malformed input
Date: Thu, 17 Dec 2009 16:51:01 -0800

From: Markus Steinborn <msteinbo>

Malformed input to setfacl --restore can cause a crash due to a double
free.

Ensure that freed memory is set to NULL.

Fixes this bug:
 https://savannah.nongnu.org/bugs/index.php?28185

Signed-off-by: Brandon Philips <address@hidden>
---
 setfacl/parse.c                         |    4 +++-
 test/Makefile                           |    3 ++-
 test/malformed-restore-double-owner.acl |    8 ++++++++
 test/malformed-restore.test             |   19 +++++++++++++++++++
 4 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 test/malformed-restore-double-owner.acl
 create mode 100644 test/malformed-restore.test

diff --git a/setfacl/parse.c b/setfacl/parse.c
index b333beb..e7e6add 100644
--- a/setfacl/parse.c
+++ b/setfacl/parse.c
@@ -525,8 +525,10 @@ read_acl_comments(
                return -1;
        return comments_read;
 fail:
-       if (path_p && *path_p)
+       if (path_p && *path_p) {
                free(*path_p);
+               *path_p = NULL;
+       }
        return -EINVAL;
 }
 
diff --git a/test/Makefile b/test/Makefile
index 828b6a4..0c6ee3e 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -22,7 +22,8 @@ include $(TOPDIR)/include/builddefs
 TESTS = $(wildcard *.test)
 ROOT = $(wildcard root/*.test)
 NFS = $(wildcard nfs/*.test)
-LSRCFILES = sort-getfacl-output run make-tree $(TESTS) $(ROOT) $(NFS)
+LSRCFILES = sort-getfacl-output run make-tree $(TESTS) $(ROOT) $(NFS) \
+       test/malformed-restore-double-owner.acl
 
 include $(BUILDRULES)
 
diff --git a/test/malformed-restore-double-owner.acl 
b/test/malformed-restore-double-owner.acl
new file mode 100644
index 0000000..1981de2
--- /dev/null
+++ b/test/malformed-restore-double-owner.acl
@@ -0,0 +1,8 @@
+# file: tmp
+# owner: USER
+# owner: USER
+# group: GROUP
+user::rwx
+group::rwx
+other::rwx
+
diff --git a/test/malformed-restore.test b/test/malformed-restore.test
new file mode 100644
index 0000000..e92b75b
--- /dev/null
+++ b/test/malformed-restore.test
@@ -0,0 +1,19 @@
+Test for malformed input to --restore
+ https://savannah.nongnu.org/bugs/index.php?28185
+
+       $ cp malformed-restore-double-owner.acl tmp.acl
+       $ sed -i "s/USER/%TUSER/g" tmp.acl
+       $ sed -i "s/GROUP/%TGROUP/g" tmp.acl
+       $ touch tmp
+       $ setfacl --restore tmp.acl
+       > setfacl: tmp.acl: Invalid argument
+       $ rm tmp.acl tmp
+
+       $ mkdir tmp
+       $ chmod 1777 tmp
+       $ getfacl tmp > tmp.acl
+       $ sed -i 's/--t/--x/g' tmp.acl
+       $ setfacl --restore tmp.acl
+       > setfacl: tmp.acl: Invalid argument
+       $ rmdir tmp
+       $ rm tmp.acl
-- 
1.6.4.2





reply via email to

[Prev in Thread] Current Thread [Next in Thread]