[SCM] The rsync repository. - branch master updated

Rsync CVS commit messages rsync-cvs at lists.samba.org
Wed Oct 25 03:45:34 UTC 2017


The branch, master has been updated
       via  9a480de Only allow a modern checksum method for passwords.
       via  c252546 Don't forget to tweak sum_update().
      from  7b8a4ec Handle archaic checksums properly.

https://git.samba.org/?p=rsync.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9a480deec4d20277d8e20bc55515ef0640ca1e55
Author: Wayne Davison <wayned at samba.org>
Date:   Tue Oct 24 20:44:37 2017 -0700

    Only allow a modern checksum method for passwords.

commit c252546ceeb0925eb8a4061315e3ff0a8c55b48b
Author: Wayne Davison <wayned at samba.org>
Date:   Tue Oct 24 20:42:41 2017 -0700

    Don't forget to tweak sum_update().

-----------------------------------------------------------------------

Summary of changes:
 authenticate.c | 6 ++++++
 checksum.c     | 1 +
 2 files changed, 7 insertions(+)


Changeset truncated at 500 lines:

diff --git a/authenticate.c b/authenticate.c
index d60ee20..a106b0f 100644
--- a/authenticate.c
+++ b/authenticate.c
@@ -22,6 +22,7 @@
 #include "itypes.h"
 
 extern int read_only;
+extern int protocol_version;
 extern char *password_file;
 
 /***************************************************************************
@@ -237,6 +238,11 @@ char *auth_server(int f_in, int f_out, int module, const char *host,
 	if (!users || !*users)
 		return "";
 
+	if (protocol_version < 21) { /* Don't allow a weak checksum for the password. */
+		rprintf(FERROR, "ERROR: protocol version is too old!\n");
+		exit_cleanup(RERR_PROTOCOL);
+	}
+
 	gen_challenge(addr, challenge);
 
 	io_printf(f_out, "%s%s\n", leader, challenge);
diff --git a/checksum.c b/checksum.c
index 9382694..c119f97 100644
--- a/checksum.c
+++ b/checksum.c
@@ -295,6 +295,7 @@ void sum_update(const char *p, int32 len)
 	  case CSUM_MD4:
 	  case CSUM_MD4_OLD:
 	  case CSUM_MD4_BUSTED:
+	  case CSUM_MD4_ARCHAIC:
 		if (len + sumresidue < CSUM_CHUNK) {
 			memcpy(md.buffer + sumresidue, p, len);
 			sumresidue += len;


-- 
The rsync repository.



More information about the rsync-cvs mailing list