[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#238375: marked as done (xutils: [lndir] can create incorrect links because it uses stat() instead of lstat())

Your message dated Sun, 18 Feb 2007 15:08:07 +0100
with message-id <45D85DC7.1040603@ens-lyon.org>
and subject line Bug#238375: xutils: [lndir] can create incorrect links because it uses stat() instead of lstat()
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: xutils
Version: 4.1.0-16woody3
Severity: normal
Tags: patch 

(xutils seems to own lndir; why is that?)

I discovered a flaw in lndir. 

First, please observe the following, correct, behaviour.

clown@frodo:~$ mkdir sourcedir; cd sourcedir                                   
clown@frodo:~/sourcedir$ mkdir dir1 dir2; touch file1
clown@frodo:~/sourcedir$ ln -s file1 linktofile1
clown@frodo:~/sourcedir$ ln -s dir1 linktodir1
clown@frodo:~/sourcedir$ ls -lG
total 8
drwxr-xr-x    2 clown       4096 Mar 16 20:05 dir1
drwxr-xr-x    2 clown       4096 Mar 16 20:05 dir2
-rw-r--r--    1 clown          0 Mar 16 20:05 file1
lrwxrwxrwx    1 clown          4 Mar 16 20:05 linktodir1 -> dir1
lrwxrwxrwx    1 clown          5 Mar 16 20:05 linktofile1 -> file1
clown@frodo:~/sourcedir$ cd ..; mkdir targetdir; cd targetdir
clown@frodo:~/targetdir$ lndir ../sourcedir 
../sourcedir/dir1:
../sourcedir/dir2:
clown@frodo:~/targetdir$ ls -lG; cd ..
total 8
drwxr-xr-x    2 clown       4096 Mar 16 20:06 dir1
drwxr-xr-x    2 clown       4096 Mar 16 20:06 dir2
lrwxrwxrwx    1 clown         18 Mar 16 20:06 file1 ->
../sourcedir/file1
lrwxrwxrwx    1 clown          4 Mar 16 20:06 linktodir1 -> dir1
lrwxrwxrwx    1 clown          5 Mar 16 20:06 linktofile1 -> file1

This is the correct behaviour of lndir.

However, things will go wrong when the sequence of creation is a bit
changed:

clown@frodo:~$ mkdir sourcedir2; cd sourcedir2
clown@frodo:~/sourcedir2$ mkdir dir1; touch file1
clown@frodo:~/sourcedir2$ ln -s file1 linktofile1
clown@frodo:~/sourcedir2$ ln -s dir1 linktodir1
clown@frodo:~/sourcedir2$ mkdir dir2
clown@frodo:~/sourcedir2$ ls -lG
total 8
drwxr-xr-x    2 clown       4096 Mar 16 20:13 dir1
drwxr-xr-x    2 clown       4096 Mar 16 20:13 dir2
-rw-r--r--    1 clown          0 Mar 16 20:13 file1
lrwxrwxrwx    1 clown          4 Mar 16 20:13 linktodir1 -> dir1
lrwxrwxrwx    1 clown          5 Mar 16 20:13 linktofile1 -> file1
clown@frodo:~/sourcedir2$ cd ..; mkdir targetdir2; cd targetdir2
clown@frodo:~/targetdir2$ lndir ../sourcedir2
../sourcedir2/dir1:
../sourcedir2/linktodir1:
clown@frodo:~/targetdir2$ ls -lG
total 8
drwxr-xr-x    2 clown       4096 Mar 16 20:15 dir1
lrwxrwxrwx    1 clown         18 Mar 16 20:15 dir2 ->
../sourcedir2/dir2
lrwxrwxrwx    1 clown         19 Mar 16 20:15 file1 ->
../sourcedir2/file1
drwxr-xr-x    2 clown       4096 Mar 16 20:15 linktodir1
lrwxrwxrwx    1 clown          5 Mar 16 20:15 linktofile1 -> file1
clown@frodo:~/targetdir2$

This is totally wrong!
- dir2 now falsely is a symlink to ../sourcedir2/dir2
- linktodir1 now falsely has become a directory

I have attached a patch for lndir.c which solves the problem (for me).
It all bowls does to the fact that the stat() function behaves in a way
that if the mentioned filename is a link, stat() will dereference it.
lstat() won't dereference it; the link itself is stat-ed (man 2 stat).

If not sure if this is good for upstream as will since lstat() might not
be available everywhere. Furthermore, there already seems to be some
sort of check later on (lines 235-239) but IMHO this is way too late.

I guess it needs further investigation.

--- lndir.c.orig        2004-03-16 20:21:33.000000000 +0100
+++ lndir.c     2004-03-16 20:55:21.000000000 +0100
@@ -192,9 +192,11 @@
        strcpy (p, dp->d_name);
 
        if (n_dirs > 0) {
-           if (stat (buf, &sb) < 0) {
-               mperror (buf);
-               continue;
+           if (lstat (buf, &sb) < 0) {
+               if (stat (buf, &sb) < 0) {
+                   mperror (buf);
+                   continue;
+               }
            }
 
 #ifdef S_ISDIR

Note that this problem might also not occur when the filesystem 'below'
the readdir() on line 183 _first_ returns all directories, followed by
files/symlinks. I am not aware of these filesystems but I'm sure they
exist; I ran these examples on ext3.

I checked 4.2.1 as well and it is flawed also.

Regards,
  Marc.

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux frodo 2.4.24meaculpa #1 Mon Jan 19 21:16:54 CET 2004 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages xutils depends on:
ii  libc6                  2.2.5-11.5        GNU C Library: Shared libraries an
ii  libncurses5            5.2.20020112a-7   Shared libraries for terminal hand
ii  xfree86-common         4.1.0-16woody3    X Window System (XFree86) infrastr
ii  zlib1g                 1:1.1.4-1.0woody0 compression library - runtime

--- End Message ---
--- Begin Message --- 
Version: 1.0.1-1

This has been fixed upstream 2 years ago in
http://gitweb.freedesktop.org/?p=xorg/util/lndir.git;a=commit;h=f147e94b91751af67000a29ba59d7cd94f163df6

The test sequence provided by the submitter now works fine.

Brice

--- End Message ---
Reply to: