buffer overflow patch replaced by upstream version

Jan Zeleny 2010-03-29 09:12:00 +00:00
parent 24fe8c53cc
commit 950d3cc6dc
2 changed files with 42 additions and 13 deletions


@ -1,13 +1,39 @@
--- rsync-3.0.7/flist.c.orig 2010-01-22 22:39:40.000000000 +0100
+++ rsync-3.0.7/flist.c 2010-01-22 22:45:27.618262042 +0100
@@ -3025,6 +3025,10 @@ char *f_name(const struct file_struct *f
index 7139b10..fef15aa 100644
--- a/flist.c
+++ b/flist.c
@@ -1640,21 +1640,29 @@ static void send_directory(int f, struct file_list *flist, char *fbuf, int len,
}
if (f->dirname) {
int len = strlen(f->dirname);
+ if (len >= MAXPATHLEN) {
+ rprintf(FWARNING,"Path too long!\n");
+ return NULL;
+ }
memcpy(fbuf, f->dirname, len);
fbuf[len] = '/';
strlcpy(fbuf + len + 1, f->basename, MAXPATHLEN - (len + 1));
p = fbuf + len;
- if (len != 1 || *fbuf != '/')
+ if (len == 1 && *fbuf == '/')
+ remainder = MAXPATHLEN - 1;
+ else if (len < MAXPATHLEN-1) {
*p++ = '/';
- *p = '\0';
- remainder = MAXPATHLEN - (p - fbuf);
+ *p = '\0';
+ remainder = MAXPATHLEN - (len + 1);
+ } else
+ remainder = 0;
for (errno = 0, di = readdir(d); di; errno = 0, di = readdir(d)) {
char *dname = d_name(di);
if (dname[0] == '.' && (dname[1] == '\0'
|| (dname[1] == '.' && dname[2] == '\0')))
continue;
- if (strlcpy(p, dname, remainder) >= remainder) {
+ unsigned name_len = strlcpy(p, dname, remainder);
+ if (name_len >= remainder) {
+ char save = fbuf[len];
+ fbuf[len] = '\0';
io_error |= IOERR_GENERAL;
rprintf(FERROR_XFER,
- "cannot send long-named file %s\n",
- full_fname(fbuf));
+ "filename overflows max-path len by %u: %s/%s\n",
+ name_len - remainder + 1, fbuf, dname);
+ fbuf[len] = save;
continue;
}
if (dname[0] == '\0') {
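Review bot: The upstream patch seems to guard a different function than the patch it replaces: the earlier hunk header names `f_name()` and its added lines reject `len >= MAXPATHLEN` before `memcpy(fbuf, f->dirname, len)`, whereas the new hunk is in `send_directory()` and only bounds `remainder` for `strlcpy(p, dname, remainder)` in the readdir loop. The outer diff markers are lost on this page, so the split between old and new patch lines is inferred from the two hunk headers. If that reading holds, the `f_name()` length check disappears with this commit, so it should be confirmed that `f->dirname` is bounded before it reaches `f_name()`, otherwise the case from #557916 may reopen. I would record this in the spec next to the patch entry, for example `# upstream fix for #557916; changes send_directory(), the earlier f_name() check is dropped`. Both functions continue outside the visible hunks.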


@ -7,7 +7,7 @@
Summary: A program for synchronizing files over a network
Name: rsync
Version: 3.0.7
Release: 2%{?prerelease}%{?dist}
Release: 3%{?prerelease}%{?dist}
Group: Applications/Internet
URL: http://rsync.samba.org/
@ -77,6 +77,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man5/rsyncd.conf.5*
%changelog
* Mon Mar 29 2010 Jan Zeleny <jzeleny@redhat.com> - 3.0.7-3
- buffer overflow patch replaced by upstream version
* Fri Jan 22 2010 Jan Zeleny <jzeleny@redhat.com> - 3.0.7-2
- fixed issue with buffer overflow when using long filenames (#557916)