--- /dev/null
+
+ This patch fixes the strippath bug that created a buffer overrun and thus
+ a crash in the FD. It fixes bug #1078.
+
+ Apply it to version 2.2.8 or higher with:
+
+ cd <bacula-source>
+ patch -p0 <2.2.8-strippath.patch
+ ./configure <your options>
+ make
+ ...
+ make install
+
+
+Index: src/filed/backup.c
+===================================================================
+--- src/filed/backup.c (revision 6843)
++++ src/filed/backup.c (working copy)
+@@ -1102,9 +1102,9 @@
+
+ /* Copy to first path separator -- Win32 might have c: ... */
+ while (*in && !IsPathSeparator(*in)) {
+- *out++ = *in++;
++ out++; in++;
+ }
+- *out++ = *in++;
++ out++; in++;
+ numsep++; /* one separator seen */
+ for (stripped=0; stripped<count && *in; stripped++) {
+ while (*in && !IsPathSeparator(*in)) {
+@@ -1129,7 +1129,11 @@
+ }
+
+ /*
+- * If requested strip leading components of the path
++ * If requested strip leading components of the path so that we can
++ * save file as if it came from a subdirectory. This is most useful
++ * for dealing with snapshots, by removing the snapshot directory, or
++ * in handling vendor migrations where files have been restored with
++ * a vendor product into a subdirectory.
+ */
+ static void strip_path(FF_PKT *ff_pkt)
+ {
+@@ -1142,27 +1146,35 @@
+ ff_pkt->link_save = get_pool_memory(PM_FNAME);
+ }
+ pm_strcpy(ff_pkt->fname_save, ff_pkt->fname);
++ if (ff_pkt->type != FT_LNK && ff_pkt->fname != ff_pkt->link) {
++ pm_strcpy(ff_pkt->link_save, ff_pkt->link);
++ Dmsg2(500, "strcpy link_save=%d link=%d\n", strlen(ff_pkt->link_save),
++ strlen(ff_pkt->link));
++ sm_check(__FILE__, __LINE__, true);
++ }
+
+ /*
+ * Strip path. If it doesn't succeed put it back. If
+ * it does, and there is a different link string,
+ * attempt to strip the link. If it fails, back them
+ * both back.
+- * Don't strip symlinks.
++ * Do not strip symlinks.
+ * I.e. if either stripping fails don't strip anything.
+ */
+- if (do_strip(ff_pkt->strip_path, ff_pkt->fname)) {
+- if (ff_pkt->type != FT_LNK && ff_pkt->fname != ff_pkt->link) {
+- pm_strcpy(ff_pkt->link_save, ff_pkt->link);
+- if (!do_strip(ff_pkt->strip_path, ff_pkt->link)) {
+- strcpy(ff_pkt->link, ff_pkt->link_save);
+- strcpy(ff_pkt->fname, ff_pkt->fname_save);
+- }
++ if (!do_strip(ff_pkt->strip_path, ff_pkt->fname)) {
++ unstrip_path(ff_pkt);
++ goto rtn;
++ }
++ /* Strip links but not symlinks */
++ if (ff_pkt->type != FT_LNK && ff_pkt->fname != ff_pkt->link) {
++ if (!do_strip(ff_pkt->strip_path, ff_pkt->link)) {
++ unstrip_path(ff_pkt);
+ }
+- } else {
+- strcpy(ff_pkt->fname, ff_pkt->fname_save);
+- }
+- Dmsg2(200, "fname=%s stripped=%s\n", ff_pkt->fname_save, ff_pkt->fname);
++ }
++
++rtn:
++ Dmsg3(100, "fname=%s stripped=%s link=%s\n", ff_pkt->fname_save, ff_pkt->fname,
++ ff_pkt->link);
+ }
+
+ static void unstrip_path(FF_PKT *ff_pkt)
+@@ -1172,6 +1184,11 @@
+ }
+ strcpy(ff_pkt->fname, ff_pkt->fname_save);
+ if (ff_pkt->type != FT_LNK && ff_pkt->fname != ff_pkt->link) {
++ Dmsg2(500, "strcpy link=%s link_save=%s\n", ff_pkt->link,
++ ff_pkt->link_save);
+ strcpy(ff_pkt->link, ff_pkt->link_save);
++ Dmsg2(500, "strcpy link=%d link_save=%d\n", strlen(ff_pkt->link),
++ strlen(ff_pkt->link_save));
++ sm_check(__FILE__, __LINE__, true);
+ }
+ }
/* Copy to first path separator -- Win32 might have c: ... */
while (*in && !IsPathSeparator(*in)) {
- *out++ = *in++;
+ out++; in++;
}
- *out++ = *in++;
+ out++; in++;
numsep++; /* one separator seen */
for (stripped=0; stripped<count && *in; stripped++) {
while (*in && !IsPathSeparator(*in)) {
}
/*
- * If requested strip leading components of the path
+ * If requested strip leading components of the path so that we can
+ * save file as if it came from a subdirectory. This is most useful
+ * for dealing with snapshots, by removing the snapshot directory, or
+ * in handling vendor migrations where files have been restored with
+ * a vendor product into a subdirectory.
*/
static void strip_path(FF_PKT *ff_pkt)
{
ff_pkt->link_save = get_pool_memory(PM_FNAME);
}
pm_strcpy(ff_pkt->fname_save, ff_pkt->fname);
+ if (ff_pkt->type != FT_LNK && ff_pkt->fname != ff_pkt->link) {
+ pm_strcpy(ff_pkt->link_save, ff_pkt->link);
+ Dmsg2(500, "strcpy link_save=%d link=%d\n", strlen(ff_pkt->link_save),
+ strlen(ff_pkt->link));
+ sm_check(__FILE__, __LINE__, true);
+ }
/*
* Strip path. If it doesn't succeed put it back. If
* it does, and there is a different link string,
* attempt to strip the link. If it fails, back them
* both back.
- * Don't strip symlinks.
+ * Do not strip symlinks.
* I.e. if either stripping fails don't strip anything.
*/
- if (do_strip(ff_pkt->strip_path, ff_pkt->fname)) {
- if (ff_pkt->type != FT_LNK && ff_pkt->fname != ff_pkt->link) {
- pm_strcpy(ff_pkt->link_save, ff_pkt->link);
- if (!do_strip(ff_pkt->strip_path, ff_pkt->link)) {
- strcpy(ff_pkt->link, ff_pkt->link_save);
- strcpy(ff_pkt->fname, ff_pkt->fname_save);
- }
- }
- } else {
- strcpy(ff_pkt->fname, ff_pkt->fname_save);
+ if (!do_strip(ff_pkt->strip_path, ff_pkt->fname)) {
+ unstrip_path(ff_pkt);
+ goto rtn;
}
- Dmsg2(200, "fname=%s stripped=%s\n", ff_pkt->fname_save, ff_pkt->fname);
+ /* Strip links but not symlinks */
+ if (ff_pkt->type != FT_LNK && ff_pkt->fname != ff_pkt->link) {
+ if (!do_strip(ff_pkt->strip_path, ff_pkt->link)) {
+ unstrip_path(ff_pkt);
+ }
+ }
+
+rtn:
+ Dmsg3(100, "fname=%s stripped=%s link=%s\n", ff_pkt->fname_save, ff_pkt->fname,
+ ff_pkt->link);
}
static void unstrip_path(FF_PKT *ff_pkt)
}
strcpy(ff_pkt->fname, ff_pkt->fname_save);
if (ff_pkt->type != FT_LNK && ff_pkt->fname != ff_pkt->link) {
+ Dmsg2(500, "strcpy link=%s link_save=%s\n", ff_pkt->link,
+ ff_pkt->link_save);
strcpy(ff_pkt->link, ff_pkt->link_save);
+ Dmsg2(500, "strcpy link=%d link_save=%d\n", strlen(ff_pkt->link),
+ strlen(ff_pkt->link_save));
+ sm_check(__FILE__, __LINE__, true);
}
}
) {
/* Note, if we are restoring as NON-root, this may not be fatal */
berrno be;
- Jmsg(jcr, M_ERROR, 0, _("Cannot change owner and/or group of %s: ERR=%s\n"),
+ Jmsg(jcr, M_WARNING, 0, _("Cannot change owner and/or group of %s: ERR=%s\n"),
quote(dirpath), be.bstrerror());
}
Dmsg0(300, "Chown done.\n");
}
}
}
- /*
- * Close the console pages before non-console pages so that
- * the notifier is turned off. Otherwise it prints an error when
- * the page it is using gets destroyed.
- */
foreach(Console *console, m_consoleHash){
console->writeSettings();
console->terminate();
*/
#undef VERSION
-#define VERSION "2.2.10-b1"
-#define BDATE "19 April 2008"
-#define LSMDATE "19Apr08"
+#define VERSION "2.2.10-b2"
+#define BDATE "01 May 2008"
+#define LSMDATE "01May08"
#define PROG_COPYRIGHT "Copyright (C) %d-2008 Free Software Foundation Europe e.V.\n"
#define BYEAR "2008" /* year for copyright messages in progs */
Technical notes on version 2.2
General:
+01May08
+kes Fix strippath so that it does not get a buffer overrun and crash FD.
+ This fixes bug #1078.
+kes Make inability to change owner/group when creating a dir only a
+ warning rather than an error.
28Apr08
ebl Fix SQL query in migration code
19Apr08