Subject: bin/1822: rdist dies when verifying modified links
To: None <>
From: Brian C. Grayson <>
List: netbsd-bugs
Date: 12/07/1995 14:40:30
>Number:         1822
>Category:       bin
>Synopsis:       rdist improperly handles verifying links that are different
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec  7 15:50:01 1995
>Originator:     Brian Grayson
	  Graduate Student, Electrical and Computer Engineering
	  The University of Texas at Austin
	  Office:  ENS 406       (512) 471-8011
>Release:        NetBSD-1.1<NetBSD-current source date>
System: NetBSD marvin 1.1 NetBSD 1.1 (MARVIN) #6: Wed Dec 6 15:58:17 CST 1995 chase@c3p0:/a/orac/home/orac/src/sys/arch/i386/compile/MARVIN i386

        When one uses rdist to verify ('install -v') a remote-machine's
	directory against the local version, if both the local and remote
	directories have symbolic links, and if the two links have
	different values, the remote process ('rdist -Server')
	inadvertently(*) closes the communication socket, thus
	making the local rdist process exit immediately with an error

	The problem also arises if the remote file is not a link (i.e., it
	is a regular file or directory).

        A simple fix is included below.

	(*) Reason for the accidental closure of the link:  
	The code in /usr/src/usr.bin/rdist/server.c:recvf() uses 'goto's,
	presumably to prevent code duplication.  However, one of the goto's
	assumes that it was reached while handling an ordinary file that
	has already been opened, with its file descriptor stored in the
	int 'f'.  This goto can be reached through a different chain of
	goto's, namely, when verifying files (rather than updating) and a
	remote link has a different value (ala readlink()) from the local
	link, in which case 'f' is uninitialized, and typically 0.  A
	close(0) is performed, which, since rdist uses stdin and stdout
	for its communication, ends communication between the two
	The following (13-line!  :)) uu-encoded, gzip'd tar file
	demonstrates the problem.  Extract the tar file at your home
	directory -- it will create the directory rdist.  Inside ~/rdist
	is a short README that discusses how to modify the
	'break.distfile' to work on your machine.  When rdist is run, it
	should exit with the message "lost connection".   If you have any
	other problems, mail me!
begin 644 rdist.tar.gz
        The following patch to /usr/src/usr.bin/rdist/server.c fixes the
	problem.  A better fix would be to rewrite recvf() (which is over
	250 lines long) into several helper functions, one for directories,
	one for links, etc., and eliminate all the goto's.  Anybody got
	some free time?  :)
*** server.c	Thu Dec  7 14:15:47 1995
--- server.c.dist	Thu Dec  7 10:21:03 1995
*** 704,710 ****
  	cp = cmd;
  	opts = 0;
- 	f = 0;		/*  Initialize, so for links it remains 0.  */
  	while (*cp >= '0' && *cp <= '7')
  		opts = (opts << 3) | (*cp++ - '0');
  	if (*cp++ != ' ') {
--- 704,709 ----
*** 918,926 ****
  		note("%s: utimes failed %s: %s\n", host, new, strerror(errno));
  	if (fchog(f, new, owner, group, mode) < 0) {
! badnew2:	
! 		if (f)		/*  Don't close if f hasn't been opened.  */
! 			(void) close(f);
  		(void) unlink(new);
--- 917,923 ----
  		note("%s: utimes failed %s: %s\n", host, new, strerror(errno));
  	if (fchog(f, new, owner, group, mode) < 0) {
! badnew2:	(void) close(f);
  		(void) unlink(new);