[SCM] The rsync repository. - branch master updated
Rsync CVS commit messages
rsync-cvs at lists.samba.org
Sat Apr 6 16:23:16 UTC 2024
The branch, master has been updated
via 079e74a3 Some year updates.
via abc3c746 Mention latest changes in NEWS.
via 99ab5946 exclude: fix crashes with fortified strlcpy()
from a47ae6fa typo in rsyncd.conf.5.md
https://git.samba.org/?p=rsync.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 079e74a30f3615ccd70864621dab6d8df0ae0122
Author: Wayne Davison <wayne at opencoder.net>
Date: Sat Apr 6 09:21:44 2024 -0700
Some year updates.
commit abc3c746527bb030db37010e03ef574ddc47fe36
Author: Wayne Davison <wayne at opencoder.net>
Date: Sat Apr 6 09:17:16 2024 -0700
Mention latest changes in NEWS.
commit 99ab59464bf44f18d668e373bc3d0f65190b87ac
Author: Jiri Slaby <jslaby at suse.cz>
Date: Fri Aug 18 08:26:20 2023 +0200
exclude: fix crashes with fortified strlcpy()
Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when
its third parameter (size) is larger than the buffer:
$ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx
sending incremental file list
*** buffer overflow detected ***: terminated
It's in the exclude code in setup_merge_file():
strlcpy(y, save, MAXPATHLEN);
Note the 'y' pointer was incremented, so it no longer points to memory
with MAXPATHLEN "owned" bytes.
Fix it by remembering the number of copied bytes into the 'save' buffer
and use that instead of MAXPATHLEN which is clearly incorrect.
Fixes #511.
-----------------------------------------------------------------------
Summary of changes:
NEWS.md | 7 +++++++
delete.c | 2 +-
exclude.c | 5 +++--
latest-year.h | 2 +-
util2.c | 2 +-
5 files changed, 13 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/NEWS.md b/NEWS.md
index ca60c32c..da1e1852 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -10,6 +10,11 @@
- Fixed an buffer overflow in the checksum2 code if SHA1 is being used for
the checksum2 algorithm.
+- Fixed an issue when rsync is compiled using `_FORTIFY_SOURCE` so that the
+ extra tests don't complain about a strlcpy() limit value (which was too
+ large, even though it wasn't possible for the larger value to cause an
+ overflow).
+
- Add a backtick to the list of characters that the filename quoting needs to
escape using backslashes.
@@ -49,6 +54,8 @@
- Changed the mapfrom & mapto perl scripts (in the support dir) into a single
python script named idmap. Converted a couple more perl scripts into python.
+- Changed the mnt-excl perl script (in the support dir) into a python script.
+
### DEVELOPER RELATED:
- Updated config.guess (timestamp 2023-01-01) and config.sub (timestamp
diff --git a/delete.c b/delete.c
index 80766164..dcb6a9af 100644
--- a/delete.c
+++ b/delete.c
@@ -4,7 +4,7 @@
* Copyright (C) 1996-2000 Andrew Tridgell
* Copyright (C) 1996 Paul Mackerras
* Copyright (C) 2002 Martin Pool <mbp at samba.org>
- * Copyright (C) 2003-2020 Wayne Davison
+ * Copyright (C) 2003-2023 Wayne Davison
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/exclude.c b/exclude.c
index ffe55b16..1a5de3b9 100644
--- a/exclude.c
+++ b/exclude.c
@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
parent_dirscan = True;
while (*y) {
char save[MAXPATHLEN];
- strlcpy(save, y, MAXPATHLEN);
+ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */
+ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1;
*y = '\0';
dirbuf_len = y - dirbuf;
strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf));
@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
lp->head = NULL;
}
lp->tail = NULL;
- strlcpy(y, save, MAXPATHLEN);
+ strlcpy(y, save, copylen);
while ((*x++ = *y++) != '/') {}
}
parent_dirscan = False;
diff --git a/latest-year.h b/latest-year.h
index 0dcf3464..f978fb8b 100644
--- a/latest-year.h
+++ b/latest-year.h
@@ -1 +1 @@
-#define LATEST_YEAR "2023"
+#define LATEST_YEAR "2024"
diff --git a/util2.c b/util2.c
index 3b5a8f41..e398340e 100644
--- a/util2.c
+++ b/util2.c
@@ -4,7 +4,7 @@
* Copyright (C) 1996-2000 Andrew Tridgell
* Copyright (C) 1996 Paul Mackerras
* Copyright (C) 2001, 2002 Martin Pool <mbp at samba.org>
- * Copyright (C) 2003-2020 Wayne Davison
+ * Copyright (C) 2003-2023 Wayne Davison
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
--
The rsync repository.
More information about the rsync-cvs
mailing list