rpms/rsync/F-13 rsync-3.0.7-buf-overflow.patch, 1.1, 1.2 rsync.spec, 1.71, 1.72
Jan Zeleny
jzeleny at fedoraproject.org
Mon Mar 29 09:10:57 UTC 2010
Author: jzeleny
Update of /cvs/extras/rpms/rsync/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv19676
Modified Files:
rsync-3.0.7-buf-overflow.patch rsync.spec
Log Message:
buffer overflow patch replaced by upstream version
rsync-3.0.7-buf-overflow.patch:
flist.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
Index: rsync-3.0.7-buf-overflow.patch
===================================================================
RCS file: /cvs/extras/rpms/rsync/F-13/rsync-3.0.7-buf-overflow.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- rsync-3.0.7-buf-overflow.patch 22 Jan 2010 21:51:54 -0000 1.1
+++ rsync-3.0.7-buf-overflow.patch 29 Mar 2010 09:10:56 -0000 1.2
@@ -1,13 +1,39 @@
---- rsync-3.0.7/flist.c.orig 2010-01-22 22:39:40.000000000 +0100
-+++ rsync-3.0.7/flist.c 2010-01-22 22:45:27.618262042 +0100
-@@ -3025,6 +3025,10 @@ char *f_name(const struct file_struct *f
+index 7139b10..fef15aa 100644
+--- a/flist.c
++++ b/flist.c
+@@ -1640,21 +1640,29 @@ static void send_directory(int f, struct file_list *flist, char *fbuf, int len,
+ }
- if (f->dirname) {
- int len = strlen(f->dirname);
-+ if (len >= MAXPATHLEN) {
-+ rprintf(FWARNING,"Path too long!\n");
-+ return NULL;
-+ }
- memcpy(fbuf, f->dirname, len);
- fbuf[len] = '/';
- strlcpy(fbuf + len + 1, f->basename, MAXPATHLEN - (len + 1));
+ p = fbuf + len;
+- if (len != 1 || *fbuf != '/')
++ if (len == 1 && *fbuf == '/')
++ remainder = MAXPATHLEN - 1;
++ else if (len < MAXPATHLEN-1) {
+ *p++ = '/';
+- *p = '\0';
+- remainder = MAXPATHLEN - (p - fbuf);
++ *p = '\0';
++ remainder = MAXPATHLEN - (len + 1);
++ } else
++ remainder = 0;
+
+ for (errno = 0, di = readdir(d); di; errno = 0, di = readdir(d)) {
+ char *dname = d_name(di);
+ if (dname[0] == '.' && (dname[1] == '\0'
+ || (dname[1] == '.' && dname[2] == '\0')))
+ continue;
+- if (strlcpy(p, dname, remainder) >= remainder) {
++ unsigned name_len = strlcpy(p, dname, remainder);
++ if (name_len >= remainder) {
++ char save = fbuf[len];
++ fbuf[len] = '\0';
+ io_error |= IOERR_GENERAL;
+ rprintf(FERROR_XFER,
+- "cannot send long-named file %s\n",
+- full_fname(fbuf));
++ "filename overflows max-path len by %u: %s/%s\n",
++ name_len - remainder + 1, fbuf, dname);
++ fbuf[len] = save;
+ continue;
+ }
+ if (dname[0] == '\0') {
Index: rsync.spec
===================================================================
RCS file: /cvs/extras/rpms/rsync/F-13/rsync.spec,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -p -r1.71 -r1.72
--- rsync.spec 22 Jan 2010 22:07:34 -0000 1.71
+++ rsync.spec 29 Mar 2010 09:10:56 -0000 1.72
@@ -7,7 +7,7 @@
Summary: A program for synchronizing files over a network
Name: rsync
Version: 3.0.7
-Release: 2%{?prerelease}%{?dist}
+Release: 3%{?prerelease}%{?dist}
Group: Applications/Internet
URL: http://rsync.samba.org/
@@ -77,6 +77,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man5/rsyncd.conf.5*
%changelog
+* Mon Mar 29 2010 Jan Zeleny <jzeleny at redhat.com> - 3.0.7-3
+- buffer overflow patch replaced by upstream version
+
* Fri Jan 22 2010 Jan Zeleny <jzeleny at redhat.com> - 3.0.7-2
- fixed issue with buffer overflow when using long filenames (#557916)
More information about the scm-commits
mailing list