| |
@@ -1,48 +0,0 @@
|
| |
- From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001
|
| |
- From: Jiri Slaby <jslaby@suse.cz>
|
| |
- Date: Fri, 18 Aug 2023 08:26:20 +0200
|
| |
- Subject: [PATCH] exclude: fix crashes with fortified strlcpy()
|
| |
-
|
| |
- Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when
|
| |
- its third parameter (size) is larger than the buffer:
|
| |
- $ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx
|
| |
- sending incremental file list
|
| |
- *** buffer overflow detected ***: terminated
|
| |
-
|
| |
- It's in the exclude code in setup_merge_file():
|
| |
- strlcpy(y, save, MAXPATHLEN);
|
| |
-
|
| |
- Note the 'y' pointer was incremented, so it no longer points to memory
|
| |
- with MAXPATHLEN "owned" bytes.
|
| |
-
|
| |
- Fix it by remembering the number of copied bytes into the 'save' buffer
|
| |
- and use that instead of MAXPATHLEN which is clearly incorrect.
|
| |
-
|
| |
- Fixes #511.
|
| |
- ---
|
| |
- exclude.c | 5 +++--
|
| |
- 1 file changed, 3 insertions(+), 2 deletions(-)
|
| |
-
|
| |
- diff --git a/exclude.c b/exclude.c
|
| |
- index ffe55b167..1a5de3b9e 100644
|
| |
- --- a/exclude.c
|
| |
- +++ b/exclude.c
|
| |
- @@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
|
| |
- parent_dirscan = True;
|
| |
- while (*y) {
|
| |
- char save[MAXPATHLEN];
|
| |
- - strlcpy(save, y, MAXPATHLEN);
|
| |
- + /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */
|
| |
- + size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1;
|
| |
- *y = '\0';
|
| |
- dirbuf_len = y - dirbuf;
|
| |
- strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf));
|
| |
- @@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
|
| |
- lp->head = NULL;
|
| |
- }
|
| |
- lp->tail = NULL;
|
| |
- - strlcpy(y, save, MAXPATHLEN);
|
| |
- + strlcpy(y, save, copylen);
|
| |
- while ((*x++ = *y++) != '/') {}
|
| |
- }
|
| |
- parent_dirscan = False;
|
| |
New version 3.3.0