Opened 11 years ago

Last modified 7 years ago

#215 assigned defect

EMX ead* functions abort with corrupted EAs

Reported by: Yuri Dario
Owned by: bird
Priority: normal
Milestone:
Component: libc-backend
Version: 0.6.2
Severity: normal
Keywords: eas
Cc:

Description

Calling _ead_read() on a file with corrupted EAs will crash the running program.

Debug shows that in src\lib\io\eadread.c the function:

static int _ead_make_gea (struct _ead_data *ead, PDENA2 pdena, void *arg)

is calling abort() for a wrong name:

  if (pdena->szName[pdena->cbName] != 0)
    abort ();

Suggested fix is to return EINVAL or similar:

  if (pdena->szName[pdena->cbName] != 0)
    {
      errno = EINVAL;
      return -1;
    }

Memory is freed by the caller.

I cannot test the fix right now, but it seems good to me.
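
An added example (not from the ticket or from the libc source): the terminator check from `_ead_make_gea` applied to a whole record list, returning -1 with errno set to EINVAL instead of aborting, and checking that `cbName` fits in the buffer before `szName` is indexed. `struct dena2_like`, `ead_validate_list` and `ead_demo` are hypothetical names, and the record layout is an assumption modeled on DENA2.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for the OS/2 DENA2 record header (assumption: layout
   modeled on the toolkit struct; szName[cbName + 1] follows the header). */
struct dena2_like {
  uint32_t oNextEntryOffset;   /* bytes to the next record, 0 = last */
  uint8_t  fEA, cbName;        /* cbName excludes the terminating NUL */
  uint16_t cbValue;
};
#define DENA_HDR 8u            /* fixed header bytes before szName */

/* Hypothetical helper: count well-formed records in buf, or return -1 with
   errno = EINVAL at the first corrupted one instead of calling abort(). */
int ead_validate_list (const unsigned char *buf, size_t len)
{
  size_t off = 0;
  int count = 0;
  while (off < len) {
    struct dena2_like h;
    size_t avail = len - off;
    if (avail < DENA_HDR + 1) break;            /* no room for header + NUL */
    memcpy (&h, buf + off, DENA_HDR);
    /* Bounds check first, so szName[cbName] is never read past the buffer. */
    if ((size_t) h.cbName + 1 > avail - DENA_HDR) break;
    /* The condition the ticket's code answers with abort(). */
    if (buf[off + DENA_HDR + h.cbName] != 0) break;
    count++;
    if (h.oNextEntryOffset == 0) return count;
    /* The next offset must skip this name and stay inside the buffer. */
    if (h.oNextEntryOffset < DENA_HDR + h.cbName + 1u
        || h.oNextEntryOffset >= avail) break;
    off += h.oNextEntryOffset;
  }
  if (len == 0) return 0;                       /* an empty list is valid */
  errno = EINVAL;
  return -1;
}

/* Constructed sample: records "A" and "BC"; corrupt overwrites the last NUL. */
int ead_demo (int corrupt, size_t len)
{
  unsigned char buf[32] = { 0 };
  struct dena2_like a = { 12, 0, 1, 0 }, b = { 0, 0, 2, 0 };
  memcpy (buf, &a, DENA_HDR);       buf[8] = 'A';
  memcpy (buf + 12, &b, DENA_HDR);  memcpy (buf + 20, "BC", 2);
  if (corrupt) buf[22] = 'X';
  return ead_validate_list (buf, len);
}
```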

Change History (5)

comment:1 Changed 10 years ago by bird

Need a testcase and/or good explanation what's going wrong here.

comment:2 Changed 10 years ago by Yuri Dario

Background: ead_* functions are used in Star backup code to deal with extended attributes (and emulate some xattr code).

In its earlier days, Samba/2 used to write bad EAs in certain conditions, so backup of such files was triggering the above abort() call.

Cleaning EAs for broken files fixed the problem on my side, but I think it is not a good idea to abort a program.

comment:3 Changed 10 years ago by bird

Status: new → assigned

comment:4 Changed 9 years ago by bird

Milestone: libc-0.6.5 → libc-0.6.6

comment:5 Changed 7 years ago by Yuri Dario

Milestone: libc-0.6.6