rpms/rsync
5
0
Fork 1
Code Issues Pull Requests Releases Activity

Resolves: #2229654 - rsync - buffer overflow detected

Browse Source
This commit is contained in:
Michal Ruprich 2023-08-22 21:18:17 +02:00
parent 39349e37fc
commit 06d55616ec
2 changed files with 55 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
rsync-3.2.7-buffer-overflow.patch Normal file
View File

@ -0,0 +1,48 @@
From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001
From: Jiri Slaby <jslaby@suse.cz>
Date: Fri, 18 Aug 2023 08:26:20 +0200
Subject: [PATCH] exclude: fix crashes with fortified strlcpy()
Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when
its third parameter (size) is larger than the buffer:
$ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx
sending incremental file list
*** buffer overflow detected ***: terminated
It's in the exclude code in setup_merge_file():
strlcpy(y, save, MAXPATHLEN);
Note the 'y' pointer was incremented, so it no longer points to memory
with MAXPATHLEN "owned" bytes.
Fix it by remembering the number of copied bytes into the 'save' buffer
and use that instead of MAXPATHLEN which is clearly incorrect.
Fixes #511.
---
exclude.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/exclude.c b/exclude.c
index ffe55b167..1a5de3b9e 100644
--- a/exclude.c
+++ b/exclude.c
@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
parent_dirscan = True;
while (*y) {
char save[MAXPATHLEN];
- strlcpy(save, y, MAXPATHLEN);
+ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */
+ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1;
*y = '\0';
dirbuf_len = y - dirbuf;
strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf));
@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
lp->head = NULL;
}
lp->tail = NULL;
- strlcpy(y, save, MAXPATHLEN);
+ strlcpy(y, save, copylen);
while ((*x++ = *y++) != '/') {}
}
parent_dirscan = False;

9
rsync.spec
View File

@ -9,7 +9,7 @@
Summary: A program for synchronizing files over a network Summary: A program for synchronizing files over a network
Name: rsync Name: rsync
Version: 3.2.7 Version: 3.2.7
Release: 4%{?prerelease}%{?dist} Release: 5%{?prerelease}%{?dist}
URL: https://rsync.samba.org/ URL: https://rsync.samba.org/
Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
@ -41,6 +41,7 @@ Provides: bundled(zlib) = 1.2.8
License: GPL-3.0-or-later License: GPL-3.0-or-later
Patch1: rsync-3.2.2-runtests.patch Patch1: rsync-3.2.2-runtests.patch
Patch2: rsync-3.2.7-buffer-overflow.patch
%description %description
Rsync uses a reliable algorithm to bring remote and host files into Rsync uses a reliable algorithm to bring remote and host files into
@ -72,7 +73,8 @@ package provides the anonymous rsync service.
%endif %endif
#%patch0 -p1 -b .verify-hostname #%patch0 -p1 -b .verify-hostname
%patch1 -p1 -b .runtests %patch 1 -p1 -b .runtests
%patch 2 -p1 -b .buffer-overflow
%build %build
%configure \ %configure \
@ -123,6 +125,9 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
%systemd_postun_with_restart rsyncd.service %systemd_postun_with_restart rsyncd.service
%changelog %changelog
* Tue Aug 22 2023 Michal Ruprich <mruprich@redhat.com> - 3.2.7-5
- Resolves: #2229654 - rsync - buffer overflow detected
* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.7-4 * Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild