Bug#78678: marked as done (hurd: symlink to empty name crashes libdiskfs

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bug#78678: marked as done (hurd: symlink to empty name crashes libdiskfs

From:	Debian Bug Tracking System
Subject:	Bug#78678: marked as done (hurd: symlink to empty name crashes libdiskfs)
Date:	Mon, 19 Aug 2002 15:33:22 -0500

Your message dated Mon, 19 Aug 2002 22:31:46 +0200
with message-id <20020819203146.GB5453@212.23.136.22>
and subject line closed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 3 Dec 2000 15:29:56 +0000
>From Marcus.Brinkmann@ruhr-uni-bochum.de Sun Dec 03 09:29:56 2000
Return-path: <Marcus.Brinkmann@ruhr-uni-bochum.de>
Received: from (c3po.terralink.de) [194.97.37.23] (qmailr)
        by master.debian.org with smtp (Exim 3.12 1 (Debian))
        id 142b5P-0008BK-00; Sun, 03 Dec 2000 09:29:56 -0600
Received: (qmail 4184 invoked from network); 3 Dec 2000 15:29:54 -0000
Received: from 213?21?44?201.surf-callino.de (HELO localhost) 
(mail@213.21.44.201)
  by c3po.t-link.de with SMTP; 3 Dec 2000 15:29:54 -0000
Received: from marcus by localhost with local (Exim 3.16 #1 (Debian))
        id 142b7u-00006B-00; Sun, 03 Dec 2000 16:32:30 +0100
From: Marcus.Brinkmann@ruhr-uni-bochum.de
Subject: hurd: symlink to empty name crashes libdiskfs
To: submit@bugs.debian.org
X-Mailer: bug 3.2.9
Message-Id: <E142b7u-00006B-00@localhost>
Date: Sun, 03 Dec 2000 16:32:30 +0100
Organization: Marcus Brinkmann's Home
Delivered-To: submit@bugs.debian.org

Package: hurd
Version: N/A
Severity: normal

>From the TODO file:

*** If the target of a symlink is the empty string, stat seems to spin forever 
!!!

This is not true, instead it crashes with E_BAD_ACCESS. Here is what
happens. Consider 'ln -s "" foo; cat foo'

libdiskfs/dir-lookup.c:

path is "foo", we enter the main loop.
foo is looked up with diskfs_lookup, it is a symlink.
This throws us into line 306:

      if (S_ISLNK (np->dn_stat.st_mode)
          && (!lastcomp
              || mustbedir      /* "foo/" must see that foo points to a dir */
              || !(flags & (O_NOLINK|O_NOTRANS))))
        {

....

          if (diskfs_read_symlink_hook)
            error = (*diskfs_read_symlink_hook)(np, pathbuf);

[Now pathbuf is left unchanged, because st_size is zero.]
....

          pathbuf[nextnamelen + np->dn_stat.st_size] = '\0';

[Now pathbuf is the empty string, our link target]
....

          path = pathbuf;

[Now path is the empty string]
....

          diskfs_nput (np);
          np = 0;
        }

[We drop the node np]
....

    } while (path && *path);

[Main loop is not entered again to look up the link target, as path is the
empty string]
....

  /* At this point, np is the node to return.  If newnode is set, then
     we just created this node.  */

 gotit:
  type = np->dn_stat.st_mode & S_IFMT;

[The comment does not tell the truth. We die when referencing np == 0]

This is a null pointer reference. I think we need a flag to say: This is a
symlink target, dereference even if path is "", but I haven't tried such a
change yet.

Thanks,
Marcus

---------------------------------------
Received: (at 78678-done) by bugs.debian.org; 19 Aug 2002 20:31:50 +0000
>From Marcus.Brinkmann@ruhr-uni-bochum.de Mon Aug 19 15:31:50 2002
Return-path: <Marcus.Brinkmann@ruhr-uni-bochum.de>
Received: from porta.u64.de [194.77.88.106] 
        by master.debian.org with esmtp (Exim 3.12 1 (Debian))
        id 17gtBm-0007Qu-00; Mon, 19 Aug 2002 15:31:50 -0500
Received: from (ulysses) [212.23.136.22] 
        by porta.u64.de with asmtp (Exim 3.12 #1 (Debian))
        id 17gu6K-0007Dz-00; Mon, 19 Aug 2002 23:30:16 +0200
Received: from marcus by ulysses with local (Exim 3.35 #1 (Debian))
        id 17gtBj-0001RN-00
        for <78678-done@bugs.debian.org>; Mon, 19 Aug 2002 22:31:47 +0200
Date: Mon, 19 Aug 2002 22:31:46 +0200
From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
To: 78678-done@bugs.debian.org
Subject: closed
Message-ID: <20020819203146.GB5453@212.23.136.22>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Sender: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
Delivered-To: 78678-done@bugs.debian.org

This was fixed years ago.

Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    marcus@gnu.org
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de/

[Prev in Thread]

Current Thread

[Next in Thread]

Bug#78678: marked as done (hurd: symlink to empty name crashes libdiskfs), Debian Bug Tracking System <=

Prev by Date: Bug#149309: generic target in MAKEDEV
Next by Date: Bug#107826: marked as done (can not create file through a dangling symlink)
Previous by thread: Bug#149309: generic target in MAKEDEV
Next by thread: Bug#107826: marked as done (can not create file through a dangling symlink)
Index(es):
- Date
- Thread