DO NOT REPLY [Bug 7057] Buffer overflow when sending a file with long name
samba-bugs at samba.org
samba-bugs at samba.org
Tue Mar 23 18:32:54 MDT 2010
https://bugzilla.samba.org/show_bug.cgi?id=7057
------- Comment #7 from matt at mattmccutchen.net 2010-03-23 19:32 CST -------
Created an attachment (id=5529)
--> (https://bugzilla.samba.org/attachment.cgi?id=5529&action=view)
Reproducer
I think I found the problem, and no, it isn't fixed by the proposed patch. If
send_directory is called with dlen == MAXPATHLEN - 1, it will append a slash
and then write a null byte just beyond the buffer. Attached is a reproducer.
I reproduced the fortify failure on i686. For some reason I did not get a
fortify failure on x86_64, but I got a valgrind error if I changed the buffer
to be heap allocated.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the rsync
mailing list