Package: amanda-server
Version: 1:2.6.1p1-1
Severity: normal
Tags: patch

Including multiple scripts in a dumptype will cause (at least) amcheck to
send syntactically invalid request packets. The issue has been reported to
upstream and is fixed in SVN commit 2164. I am including the original
report for details.

Sincerely,
   Ralph Rößner



-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages amanda-server depends on:
ii  amanda-common      1:2.6.1p1-1           Advanced Maryland Automatic Networ
ii  bsd-mailx [mailx]  8.1.2-0.20090911cvs-1 simple mail user agent
ii  libc6              2.9-25                GNU C Library: Shared libraries
ii  libglib2.0-0       2.22.0-1              The GLib library of C routines
ii  libncurses5        5.7+20090803-2        shared libraries for terminal hand
ii  libreadline5       5.2-6                 GNU readline and history libraries
ii  mailx              1:20081101-2          Transitional package for mailx ren

amanda-server recommends no packages.

Versions of packages amanda-server suggests:
ii  amanda-client                1:2.6.1p1-1 Advanced Maryland Automatic Networ
ii  cpio                         2.10-1      GNU cpio -- a program to manage ar
ii  gnuplot                      4.2.5-3     A command-line driven interactive 
ii  perl [perl5]                 5.10.0-25   Larry Wall's Practical Extraction 

-- no debconf information

-- Original report to amanda-hackers:

Hi!

Using a dumptype with more than one script defined causes amcheck (and
probably others) to fail, citing a format error in the request packet as
the reason. This has been encountered in 2.6.1p1 and verified to persist
in SVN revision 2162.


* Example dumptype

define dumptype normal-snapshot {
  normal
  script "create-lvm-snapshots"
  script "remove-lvm-snapshots"
}


* Example invocation:

bac...@keldon:~$ amcheck -c CAPCom

Amanda Backup Client Hosts Check
--------------------------------
ERROR: keldon: [FORMAT ERROR IN REQUEST PACKET Error on line 1 char 459: 
Element 'dle' was closed, but the currently open element is 'script']
ERROR: keldon: service /usr/lib/amanda/selfcheck failed: pid 10527 exited with 
code 1
Client check: 14 hosts checked in 2.125 seconds.  2 problems found.

(brought to you by Amanda 2.6.1p1)


* Analysis

Monitoring the communication shows that in the request packet the second
script block is indeed missing its closing tag. The first script block is
syntactically correct.

Encoding of the script data is done in xml_scripts() in diskfile.c. The
</script> closing tag is added in #1940 by a call to vstrextend(), which
treats its second to last argument as a variable argument list. A NULL
pointer passed to vstrextend() thus terminates the argument list,
regardless of any following non-NULL arguments.

The last argument before the closing tag is xml_app.result, which is
allocated in #1840, outside the for-all-scripts loop, but freed in #1942,
inside the same loop. So for all passes through the loop after the first
one, xml_app.result will be NULL and the closing tag will be ignored by
vstrextend().

Besides breaking the script encoding, other bad things might happen if
code inside the loop assumes that xml_app.result is initialized.


* Suggested Fix

Initialize xml_app.result inside the loop body. Proposed patch (unidiff):

--- diskfile.c.orig     2009-10-07 11:53:08.000000000 +0200
+++ diskfile.c  2009-10-07 12:56:06.000000000 +0200
@@ -1837,7 +1837,7 @@
     xml_app_t   xml_app;

     xml_app.features = their_features;
-    xml_app.result   = stralloc("");
+/*  xml_app.result   initialized in loop */

     xml_scr = stralloc("");
     for (pp_iter = pp_scriptlist; pp_iter != NULL;
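Review bot: Replacing the initialization with a comment leaves xml_app.result with no value at all before the loop, since xml_app is a plain local declared just above without an initializer. If pp_scriptlist is empty, nothing ever assigns it, and any later use or free of xml_app.result would act on an indeterminate pointer. Suggest `xml_app.result = NULL;` in place of the comment; that also keeps the indentation of the neighbouring assignments, whereas the comment as written starts in column 0.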
@@ -1850,6 +1850,7 @@
        xml_scr1 = vstralloc("  <script>\n",
                              "    ", b64plugin, "\n",
                             NULL);
+       xml_app.result   = stralloc("");

        execute_where = pp_script_get_execute_where(pp_script);
        switch (execute_where) {
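Review bot: The stralloc("") added at the top of the loop body is only balanced if every pass reaches the free that the report places at the end of the same loop. The switch (execute_where) that follows is cut off here, so please confirm that no branch leaves the iteration early; otherwise each such pass leaks the buffer. A one-line comment at the new assignment saying that vstrextend() stops at the first NULL argument would record why the buffer has to be non-NULL on every pass.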


A 2162 revision modified in this way does not reproduce the error.
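
The failure described in the Analysis section, reduced to a stand-alone C program. This is an added example, not code from Amanda or from the original report: str_extend() is a hypothetical stand-in for a NULL-terminated variadic append, and encode_scripts() and sample_scripts are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a NULL-terminated variadic append (not Amanda's
 * vstrextend): appends each argument to *dst and stops at the first NULL. */
static void str_extend(char **dst, ...)
{
    va_list ap;
    const char *s;
    va_start(ap, dst);
    while ((s = va_arg(ap, const char *)) != NULL) {
        size_t old = strlen(*dst), add = strlen(s);
        char *p = realloc(*dst, old + add + 1);
        if (p == NULL) abort();
        memcpy(p + old, s, add + 1);
        *dst = p;
    }
    va_end(ap);
}

/* Constructed sample input: the two script names from the example dumptype. */
static const char *const sample_scripts[] = {
    "create-lvm-snapshots", "remove-lvm-snapshots" };

/* init_in_loop == 0: buffer allocated once before the loop but freed inside
 * it (the reported pattern). init_in_loop == 1: allocated on every pass. */
char *encode_scripts(const char *const *names, int n, int init_in_loop)
{
    char *out = calloc(1, 1);
    char *result = init_in_loop ? NULL : calloc(1, 1);
    if (out == NULL || (!init_in_loop && result == NULL)) abort();
    for (int i = 0; i < n; i++) {
        if (init_in_loop && (result = calloc(1, 1)) == NULL) abort();
        str_extend(&out, "<script>", names[i], result, "</script>", (char *)NULL);
        free(result);
        result = NULL; /* NULL after the free, as the report describes */
    }
    free(result);
    return out;
}

int main(void)
{
    char *bad = encode_scripts(sample_scripts, 2, 0);
    char *good = encode_scripts(sample_scripts, 2, 1);
    printf("before: %s\nafter:  %s\n", bad, good);
    free(bad); free(good); return 0;
}
```

In the "before" output the second element has no closing tag, because the NULL buffer ends the argument list ahead of "</script>".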


