From: Eric Bollengier <eric@baculasystems.com>
Date: Tue, 7 Jun 2022 14:39:02 +0000 (+0200)
Subject: Fix #9224 about Storage Daemon issue with BoostFS
X-Git-Tag: Beta-15.0.0~559
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dca4e94adf0d55266c478c1a60f50030f2490cee;p=thirdparty%2Fbacula.git

Fix #9224 about Storage Daemon issue with BoostFS

On bootfs, the call to ioctl(tmp_fd, FS_IOC_GETFLAGS, (char *)&get_attr);
triggers an error, and the get_attr variable is not long enough
and the memory in the stack get overwritten leading to a segfault.

The man page is incorrect, a "int" is documented, but a "long"
is actually needed.
---

diff --git a/bacula/src/stored/file_dev.c b/bacula/src/stored/file_dev.c
index c869a23e7..ad091334c 100644
--- a/bacula/src/stored/file_dev.c
+++ b/bacula/src/stored/file_dev.c
@@ -640,7 +640,8 @@ bool file_dev::check_volume_protection_time(const char *vol_name)
 #ifdef HAVE_FS_IOC_GETFLAGS
 bool file_dev::check_for_attr(const char *vol_name, int attr)
 {
-   int tmp_fd, ioctl_ret, get_attr;
+   int tmp_fd, ioctl_ret;
+   long get_attr = 0, lattr = attr;
    bool ret = false;
    POOL_MEM fname(PM_FNAME);
 
@@ -664,7 +665,7 @@ bool file_dev::check_for_attr(const char *vol_name, int attr)
       Dmsg2(DT_VOLUME|50, "Failed to get attributes for %s, ERR=%s", fname.c_str(), be.bstrerror());
       Mmsg2(errmsg, "Failed to get attributes for %s, ERR=%s", fname.c_str(), be.bstrerror());
    } else {
-      ret = get_attr & attr;
+      ret = get_attr & lattr;
       const char *msg_str = ret ? "set" : "not set";
       Dmsg3(DT_VOLUME|50, "Attribute: 0x%08x is %s for volume: %s\n",
             attr, msg_str, fname.c_str());
@@ -687,7 +688,8 @@ bool file_dev::check_for_attr(const char *vol_name, int attr)
 bool file_dev::modify_fattr(const char *vol_name, int attr, bool set)
 {
    bool ret = false;
-   int tmp_fd, ioctl_ret, get_attr, set_attr;
+   int tmp_fd, ioctl_ret;
+   long get_attr = 0, set_attr = 0, lattr =  attr;
    const char *msg_str = set ? "set" : "cleared";
    POOL_MEM fname(PM_FNAME);
 
@@ -722,11 +724,11 @@ bool file_dev::modify_fattr(const char *vol_name, int attr, bool set)
 
    if (set) {
       /* Add new attribute to the currently set ones */
-      set_attr = get_attr | attr;
+      set_attr = get_attr | lattr;
    } else {
       /* Inverse the desired attribute and later and it with the current state
        * so that we clear only desired flag and do not touch all the rest */
-      int rev_mask = ~attr;
+      long rev_mask = ~lattr;
       set_attr = get_attr & rev_mask;
    }