From 06d55616ec86c3a68a8af917783788b928fefcc4 Mon Sep 17 00:00:00 2001
From: Michal Ruprich
Date: Tue, 22 Aug 2023 21:18:17 +0200
Subject: [PATCH] Resolves: #2229654 - rsync - buffer overflow detected
---
rsync-3.2.7-buffer-overflow.patch | 48 +++++++++++++++++++++++++++++++
rsync.spec | 9 ++++--
2 files changed, 55 insertions(+), 2 deletions(-)
create mode 100644 rsync-3.2.7-buffer-overflow.patch
diff --git a/rsync-3.2.7-buffer-overflow.patch b/rsync-3.2.7-buffer-overflow.patch
new file mode 100644
index 0000000..54fe6fb
--- /dev/null
+++ b/rsync-3.2.7-buffer-overflow.patch
@@ -0,0 +1,48 @@
+From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001
+From: Jiri Slaby
+Date: Fri, 18 Aug 2023 08:26:20 +0200
+Subject: [PATCH] exclude: fix crashes with fortified strlcpy()
+
+Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when
+its third parameter (size) is larger than the buffer:
+ $ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx
+ sending incremental file list
+ *** buffer overflow detected ***: terminated
+
+It's in the exclude code in setup_merge_file():
+ strlcpy(y, save, MAXPATHLEN);
+
+Note the 'y' pointer was incremented, so it no longer points to memory
+with MAXPATHLEN "owned" bytes.
+
+Fix it by remembering the number of copied bytes into the 'save' buffer
+and use that instead of MAXPATHLEN which is clearly incorrect.
+
+Fixes #511.
+---
+ exclude.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/exclude.c b/exclude.c
+index ffe55b167..1a5de3b9e 100644
+--- a/exclude.c
++++ b/exclude.c
+@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
+ parent_dirscan = True;
+ while (*y) {
+ char save[MAXPATHLEN];
+- strlcpy(save, y, MAXPATHLEN);
++ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */
++ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1;
+ *y = '\0';
+ dirbuf_len = y - dirbuf;
+ strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf));
+@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
+ lp->head = NULL;
+ }
+ lp->tail = NULL;
+- strlcpy(y, save, MAXPATHLEN);
++ strlcpy(y, save, copylen);
+ while ((*x++ = *y++) != '/') {}
+ }
+ parent_dirscan = False;
diff --git a/rsync.spec b/rsync.spec
index 4ed09aa..e2c4eca 100644
--- a/rsync.spec
+++ b/rsync.spec
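Review bot: In the exclude.c change carried by rsync-3.2.7-buffer-overflow.patch, the restore bound `copylen` is correct only while `strlcpy(save, y, MAXPATHLEN)` never truncates, and that invariant is stated in a comment rather than checked. strlcpy() returns the length of the source string, so if `y` ever held MAXPATHLEN or more bytes, `save` would hold a truncated copy and the later `strlcpy(y, save, copylen)` would silently restore a shortened path. The declaration of `dirbuf` is outside the hunk, so its size presumably guarantees this, but I would extend the comment to say so, e.g. `/* y points into dirbuf, so strlen(y) < MAXPATHLEN and save never truncates; +1 for \0 */`. A bound expressed as remaining destination capacity, in the style of the `MAXPATHLEN - (x - buf)` used for the `x` copy, would be easier to audit against fortified builds, assuming `dirbuf` is MAXPATHLEN bytes. setup_merge_file() starts and ends outside both embedded hunks.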
@@ -9,7 +9,7 @@ Summary: A program for synchronizing files over a network Name: rsync Version: 3.2.7 -Release: 4%{?prerelease}%{?dist} +Release: 5%{?prerelease}%{?dist} URL: https://rsync.samba.org/ Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz @@ -41,6 +41,7 @@ Provides: bundled(zlib) = 1.2.8 License: GPL-3.0-or-later Patch1: rsync-3.2.2-runtests.patch +Patch2: rsync-3.2.7-buffer-overflow.patch %description Rsync uses a reliable algorithm to bring remote and host files into @@ -72,7 +73,8 @@ package provides the anonymous rsync service. %endif #%patch0 -p1 -b .verify-hostname -%patch1 -p1 -b .runtests +%patch 1 -p1 -b .runtests +%patch 2 -p1 -b .buffer-overflow %build %configure \ @@ -123,6 +125,9 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service %systemd_postun_with_restart rsyncd.service %changelog +* Tue Aug 22 2023 Michal Ruprich - 3.2.7-5 +- Resolves: #2229654 - rsync - buffer overflow detected + * Fri Jul 21 2023 Fedora Release Engineering - 3.2.7-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild