diff options
| author |   Sam James <sam@gentoo.org> | 2023-12-28 04:11:47 +0000 |
|---|---|---|
| committer | Sam James <sam@gentoo.org> | 2023-12-28 04:11:47 +0000 |
| commit | 49fc4a8567531cb5d8f889832663c784d6a36ddf (patch) | |
| tree | 60df65b088127f5cb251c83b51704edf6683960e /net-misc/rsync/files | |
| parent | sys-apps/cracklib-words: drop 2.9.8, 2.9.10 (diff) | |
| download | gentoo-49fc4a8567531cb5d8f889832663c784d6a36ddf.tar.gz gentoo-49fc4a8567531cb5d8f889832663c784d6a36ddf.tar.bz2 gentoo-49fc4a8567531cb5d8f889832663c784d6a36ddf.zip | |
net-misc/rsync: fix crash w/ FORTIFY_SOURCE=3
Closes: https://bugs.gentoo.org/917517
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-misc/rsync/files')
| -rw-r--r-- | net-misc/rsync/files/rsync-3.2.7-fortify-source-3.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/net-misc/rsync/files/rsync-3.2.7-fortify-source-3.patch b/net-misc/rsync/files/rsync-3.2.7-fortify-source-3.patch new file mode 100644 index 000000000000..952af573dfc7 --- /dev/null +++ b/net-misc/rsync/files/rsync-3.2.7-fortify-source-3.patch @@ -0,0 +1,54 @@ +https://bugs.gentoo.org/917517 +https://github.com/WayneD/rsync/issues/511 +https://bugzilla.suse.com/show_bug.cgi?id=1214249 +https://bugzilla.redhat.com/show_bug.cgi?id=2229654 +https://src.fedoraproject.org/rpms/rsync/raw/06d55616ec86c3a68a8af917783788b928fefcc4/f/rsync-3.2.7-buffer-overflow.patch + +From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001 +From: Jiri Slaby <jslaby@suse.cz> +Date: Fri, 18 Aug 2023 08:26:20 +0200 +Subject: [PATCH] exclude: fix crashes with fortified strlcpy() + +Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when +its third parameter (size) is larger than the buffer: + $ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx + sending incremental file list + *** buffer overflow detected ***: terminated + +It's in the exclude code in setup_merge_file(): + strlcpy(y, save, MAXPATHLEN); + +Note the 'y' pointer was incremented, so it no longer points to memory +with MAXPATHLEN "owned" bytes. + +Fix it by remembering the number of copied bytes into the 'save' buffer +and use that instead of MAXPATHLEN which is clearly incorrect. + +Fixes #511. +--- + exclude.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/exclude.c b/exclude.c +index ffe55b167..1a5de3b9e 100644 +--- a/exclude.c ++++ b/exclude.c +@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex, + parent_dirscan = True; + while (*y) { + char save[MAXPATHLEN]; +- strlcpy(save, y, MAXPATHLEN); ++ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */ ++ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1; + *y = '\0'; + dirbuf_len = y - dirbuf; + strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf)); +@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex, + lp->head = NULL; + } + lp->tail = NULL; +- strlcpy(y, save, MAXPATHLEN); ++ strlcpy(y, save, copylen); + while ((*x++ = *y++) != '/') {} + } + parent_dirscan = False; |