NetBSD Problem Report #40319
From www@NetBSD.org Sat Jan 3 00:46:54 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id BE43663B8C6
for <gnats-bugs@gnats.netbsd.org>; Sat, 3 Jan 2009 00:46:54 +0000 (UTC)
Message-Id: <20090103004654.4A04863B884@narn.NetBSD.org>
Date: Sat, 3 Jan 2009 00:46:54 +0000 (UTC)
From: bjh21@netbsd.org
Reply-To: bjh21@netbsd.org
To: gnats-bugs@NetBSD.org
Subject: fts_close() spuriously closes fd 0
X-Send-Pr-Version: www-1.0
>Number: 40319
>Category: lib
>Synopsis: fts_close() spuriously closes fd 0
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: lukem
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Jan 03 00:50:00 +0000 2009
>Closed-Date: Sat Jan 24 21:25:22 +0000 2009
>Last-Modified: Sun Mar 01 03:10:02 +0000 2009
>Originator: Ben Harris
>Release: 4.0.1
>Organization:
>Environment:
NetBSD aquila.bjh21.me.uk 5.0_BETA NetBSD 5.0_BETA (GENERIC.MP) #0: Wed Dec 31 03:56:29 UTC 2008 builds@b6.netbsd.org:/home/builds/ab/netbsd-5/sparc64/200812300000Z-obj/home/builds/ab/netbsd-5/src/sys/arch/sparc64/compile/GENERIC.MP sparc64
>Description:
NB: problem system is running a 4.0.1 userland on a 5.0_BETA kernel. I
don't think this matters, though.
The problem is a simple one: if fts_open() is called with an "options"
argument that includes FTS_LOGICAL, then an immediate call of fts_close()
will close file descriptor 0 (standard input).
>How-To-Repeat:
Compile and run this program:
#include <sys/stat.h>
#include <err.h>
#include <fts.h>
#include <stdio.h>
#include <unistd.h>
int
main(int argc, char **argv)
{
FTS *ftsp;
char *path_argv[2];
struct stat st;
path_argv[0] = "/";
path_argv[1] = NULL;
if ((ftsp = fts_open(path_argv, FTS_LOGICAL, NULL)) == NULL)
err(1, "fts_open");
if (fts_close(ftsp) != 0) err(1, "fts_close");
if (fstat(STDIN_FILENO, &st) != 0) err(1, "stdin");
return 0;
}
On my system, this happens:
aquila:~$ cc -o fts_close_bug{,.c}
aquila:~$ ./fts_close_bug
fts_close_bug: stdin: Bad file descriptor
>Fix:
I think the problem lies in the use of ISSET(FTS_SYMFOLLOW) in fts.c.
ISSET tests the fts_options field, but the FTS_SYMFOLLOW flag is in
fts_flags. The value of FTS_SYMFOLLOW is the same as that of FTS_LOGICAL,
so if the latter is set, fts_close treats fts_cur->fts_symfd as being valid and
closes it, hence causing the problem. The obvious fix is as follows,
but I don't know the fts code at all well and I've not tested this since
I don't yet have a running -current system to test it on.
--- fts.c 02 Jan 2009 16:24:24 +0000 1.34
+++ fts.c 03 Jan 2009 00:43:27 +0000
@@ -256,7 +256,7 @@
* list which has a valid parent pointer.
*/
if (sp->fts_cur) {
- if (ISSET(FTS_SYMFOLLOW))
+ if (sp->fts_cur->fts_flags & FTS_SYMFOLLOW)
(void)close(sp->fts_cur->fts_symfd);
for (p = sp->fts_cur; p->fts_level >= FTS_ROOTLEVEL;) {
freep = p;
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: lib-bug-people->lukem
Responsible-Changed-By: lukem@NetBSD.org
Responsible-Changed-When: Sat, 03 Jan 2009 06:14:51 +0000
Responsible-Changed-Why:
I've dealt with it
State-Changed-From-To: open->closed
State-Changed-By: lukem@NetBSD.org
State-Changed-When: Sat, 03 Jan 2009 06:14:51 +0000
State-Changed-Why:
I've tested the problem (in NetBSD 3.0) and confirmed that it's there
and that Ben's fix resolves it. Given that all other tests of FTS_SYMFOLLOW
were written in the "fixed" style indicates that the problem has been
there since the line was originally added (rev 1.44 of __fts13.c)
Fix applied, pullups for 5.0 and 4.0 requested
From: Luke Mewburn <lukem@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/40319 CVS commit: src/lib/libc/gen
Date: Sat, 3 Jan 2009 06:12:14 +0000 (UTC)
Module Name: src
Committed By: lukem
Date: Sat Jan 3 06:12:14 UTC 2009
Modified Files:
src/lib/libc/gen: fts.c
Log Message:
Ensure fts_close() doesn't spuriously close fd 0,
by testing FTS_SYMFOLLOW in fts_flags instead of fts_options.
Fix provided by Ben Harris in PR 40319
To generate a diff of this commit:
cvs rdiff -r1.34 -r1.35 src/lib/libc/gen/fts.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: closed->pending-pullups
State-Changed-By: lukem@NetBSD.org
State-Changed-When: Mon, 05 Jan 2009 00:23:38 +0000
State-Changed-Why:
Pullup hasn't happened yet
From: Soren Jacobsen <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/40319 CVS commit: [netbsd-5] src/lib/libc/gen
Date: Thu, 8 Jan 2009 22:00:34 +0000 (UTC)
Module Name: src
Committed By: snj
Date: Thu Jan 8 22:00:34 UTC 2009
Modified Files:
src/lib/libc/gen [netbsd-5]: fts.c
Log Message:
Pull up following revision(s) (requested by lukem in ticket #226):
lib/libc/gen/fts.c: revision 1.35
Ensure fts_close() doesn't spuriously close fd 0,
by testing FTS_SYMFOLLOW in fts_flags instead of fts_options.
Fix provided by Ben Harris in PR 40319
To generate a diff of this commit:
cvs rdiff -r1.34 -r1.34.4.1 src/lib/libc/gen/fts.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/40319 CVS commit: [netbsd-4] src/lib/libc/gen
Date: Thu, 15 Jan 2009 22:05:39 +0000 (UTC)
Module Name: src
Committed By: bouyer
Date: Thu Jan 15 22:05:39 UTC 2009
Modified Files:
src/lib/libc/gen [netbsd-4]: fts.c
Log Message:
Pull up following revision(s) (requested by lukem in ticket #1256):
lib/libc/gen/fts.c: revision 1.35
Ensure fts_close() doesn't spuriously close fd 0,
by testing FTS_SYMFOLLOW in fts_flags instead of fts_options.
Fix provided by Ben Harris in PR 40319
To generate a diff of this commit:
cvs rdiff -r1.31 -r1.31.4.1 src/lib/libc/gen/fts.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/40319 CVS commit: [netbsd-4-0] src/lib/libc/gen
Date: Thu, 15 Jan 2009 22:06:18 +0000 (UTC)
Module Name: src
Committed By: bouyer
Date: Thu Jan 15 22:06:18 UTC 2009
Modified Files:
src/lib/libc/gen [netbsd-4-0]: fts.c
Log Message:
Pull up following revision(s) (requested by lukem in ticket #1256):
lib/libc/gen/fts.c: revision 1.35
Ensure fts_close() doesn't spuriously close fd 0,
by testing FTS_SYMFOLLOW in fts_flags instead of fts_options.
Fix provided by Ben Harris in PR 40319
To generate a diff of this commit:
cvs rdiff -r1.31 -r1.31.14.1 src/lib/libc/gen/fts.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: pending-pullups->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sat, 24 Jan 2009 21:25:22 +0000
State-Changed-Why:
pullups done
From: Luke Mewburn <lukem@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/40319 CVS commit: othersrc/libexec/tnftpd/libnetbsd
Date: Sun, 1 Mar 2009 03:07:15 +0000
Module Name: othersrc
Committed By: lukem
Date: Sun Mar 1 03:07:15 UTC 2009
Modified Files:
othersrc/libexec/tnftpd/libnetbsd: fts_open.c
Log Message:
merge changes from src/lib/libc/gen/fts.c:
1.35:
Ensure fts_close() doesn't spuriously close fd 0,
by testing FTS_SYMFOLLOW in fts_flags instead of fts_options.
Fix provided by Ben Harris in PR 40319
1.37:
Fix sign-compare issue
1.38:
Avoid possible integer overflow and subsequent collateral damage.
Received from OpenBSD via US-CERT as VU #590371.
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 othersrc/libexec/tnftpd/libnetbsd/fts_open.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.