From: Mark Jamsek
Subject: Re: gotd segfault
To: Mikhail
Cc: gameoftrees@openbsd.org
Date: Mon, 1 May 2023 22:37:24 +1000

On 23-05-01 02:51PM, Mikhail wrote:
> On Mon, May 01, 2023 at 02:47:35PM +0300, Mikhail wrote:
> > core:~# egdb /home/misha/bin/gotd
> > [...]
> > Reading symbols from /home/misha/bin/gotd...
> > (gdb) run -vvvvd
> > Starting program: /home/misha/bin/gotd -vvvvd
> > gotd: socket: /var/run/gotd.sock
> > gotd: user: misha
> > listen: gotd_accept: new client connected on fd 6 uid 1000 gid 1000
> > parent: recv_connect: new client uid 1000 connected on fd 5
> > parent: list-refs request from uid 1000
> > parent: starting auth for uid 1000 repository src
> > parent: proc auth /var/git/src.git is on fd 7
> > auth /var/git/src.git: authentication request received
> > auth /var/git/src.git: authenticating uid 1000 gid 1000
> > auth /var/git/src.git: src: Permission denied
> > parent: uid 1000: src: Permission denied
> > parent: uid 1000: disconnecting
> > parent: waiting for child PID 25599 to terminate
> > auth /var/git/src.git: shutting down
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x00000b9ad943f762 in gotd_dispatch_auth_child (fd=7, event=2, arg=0xb9d122b0510) at /home/misha/work/got/gotd/gotd.c:1143
> > 1143 log_warnx("uid %d: %s", client->euid, err->msg);
> > (gdb) bt
> > #0 0x00000b9ad943f762 in gotd_dispatch_auth_child (fd=7, event=2, arg=0xb9d122b0510) at /home/misha/work/got/gotd/gotd.c:1143
> > #1 0x00000b9cf77db41f in event_process_active (base=0xb9d512f9760) at /usr/src/lib/libevent/event.c:333
> > #2 event_base_loop (base=0xb9d512f9760, flags=) at /usr/src/lib/libevent/event.c:483
> > #3 0x00000b9ad943cb43 in main (argc=0, argv=0x78b213c7bff8) at /home/misha/work/got/gotd/gotd.c:1932
> > (gdb) p client
> > $1 = (struct gotd_client *) 0xb9cdc05a000
> > (gdb) p err
> > $2 = (const struct got_error *) 0xb9ad9514030
> > (gdb) p err->msg
> > $3 = 0xb9ad9514040 "src: Permission denied"
> > (gdb) p client->euid
> > Cannot access memory at address 0xb9cdc06a170
> >
> > Is this info enough?
>
> The problem was that in gotd.conf I had:
>
> repository "src" {
>     path "/var/git/src.git"
>     # permit rw flan_hacker
>     # permit rw :developers
>     permit ro anonymous
>
>     protect branch "main"
>     protect tag namespace "refs/tags/"
> }
>
> Replacing anonymous with misha made gotd work, but with anonymous it
> crashes.

I think we might just want to return here as client is freed in disconnect(), which is either called in the else case or called from disconnect_on_error(), and if we goto done here instead of returning we will perform an invalid read on client whether there is an error or not. Plus, the error logged in done is already logged in disconnect_on_error().

diff /home/mark/src/got commit - 79cd0a74be4fd59c3cbfc4f35772ba4336b950be path + /home/mark/src/got blob - 886f92ecc38e22a85b9de751ac0be7ba7d14d98b file + gotd/gotd.c --- gotd/gotd.c +++ gotd/gotd.c
@@ -1121,7 +1121,7 @@ gotd_dispatch_auth_child(int fd, short event, void *ar disconnect_on_error(client, err); else disconnect(client); - goto done; + return; } repo = gotd_find_repo_by_name(client->auth->repo_name, &gotd); -- Mark Jamsek GPG: F2FF 13DE 6A06 C471 CA80 E6E2 2930 DC66 86EE CF68
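
Review bot: the early return in the disconnect branch of gotd_dispatch_auth_child() now skips everything under the done label, and the hunk does not show what is there apart from the log_warnx("uid %d: %s", client->euid, err->msg) at gotd.c:1143 seen in the backtrace. Please confirm that nothing else under done still has to run on this path, and consider a one-line comment above the return stating that client is no longer valid after disconnect() or disconnect_on_error(), so a later cleanup does not turn this back into goto done.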
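
The control flow described in the reply above, as an added example that is not gotd source: a constructed C model in which a slot table stands in for the heap, so the read after disconnect is counted instead of faulting. The names client_new, client_disconnect, client_euid, dispatch and the fixed flag are hypothetical.

```c
#include <stdio.h>

/* Constructed model, not gotd source: a slot table stands in for the heap so
 * a read of a disconnected client is counted instead of faulting. */
struct client { int in_use; unsigned int euid; };
static struct client slots[4];
static int stale_reads;

static int client_new(unsigned int euid)
{
	for (int i = 0; i < 4; i++)
		if (!slots[i].in_use) {
			slots[i] = (struct client){ 1, euid };
			return i;
		}
	return -1;
}

/* Stands in for disconnect(): the client is gone after this call. */
static void client_disconnect(int c) { slots[c] = (struct client){ 0, 0 }; }

/* All field reads go through here so use-after-disconnect is detectable. */
static unsigned int client_euid(int c)
{
	stale_reads += !slots[c].in_use;
	return slots[c].euid;
}

/* fixed == 0: "goto done" after disconnect; fixed == 1: early return.
 * Returns how many stale reads this one dispatch performed. */
static int dispatch(int c, const char *err, int fixed)
{
	int before = stale_reads;
	if (err != NULL) {
		fprintf(stderr, "uid %u: %s\n", client_euid(c), err); /* logged while live */
		client_disconnect(c);
		if (fixed)
			return stale_reads - before;
		goto done;
	}
done:
	if (err != NULL)
		fprintf(stderr, "uid %u: %s\n", client_euid(c), err); /* stale read */
	return stale_reads - before;
}

int main(void)
{
	printf("goto done: %d\n", dispatch(client_new(1000), "src: Permission denied", 0));
	printf("return:    %d\n", dispatch(client_new(1000), "src: Permission denied", 1));
}
```

The goto variant also prints the error twice, which mirrors the duplicate logging the reply mentions.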