[SCM] The rsync repository. - branch master updated

Rsync CVS commit messages rsync-cvs at lists.samba.org
Sat Apr 6 16:23:16 UTC 2024


The branch, master has been updated
       via  079e74a3 Some year updates.
       via  abc3c746 Mention latest changes in NEWS.
       via  99ab5946 exclude: fix crashes with fortified strlcpy()
      from  a47ae6fa typo in rsyncd.conf.5.md

https://git.samba.org/?p=rsync.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 079e74a30f3615ccd70864621dab6d8df0ae0122
Author: Wayne Davison <wayne at opencoder.net>
Date:   Sat Apr 6 09:21:44 2024 -0700

    Some year updates.

commit abc3c746527bb030db37010e03ef574ddc47fe36
Author: Wayne Davison <wayne at opencoder.net>
Date:   Sat Apr 6 09:17:16 2024 -0700

    Mention latest changes in NEWS.

commit 99ab59464bf44f18d668e373bc3d0f65190b87ac
Author: Jiri Slaby <jslaby at suse.cz>
Date:   Fri Aug 18 08:26:20 2023 +0200

    exclude: fix crashes with fortified strlcpy()
    
    Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when
    its third parameter (size) is larger than the buffer:
      $ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx
      sending incremental file list
      *** buffer overflow detected ***: terminated
    
    It's in the exclude code in setup_merge_file():
      strlcpy(y, save, MAXPATHLEN);
    
    Note the 'y' pointer was incremented, so it no longer points to memory
    with MAXPATHLEN "owned" bytes.
    
    Fix it by remembering the number of copied bytes into the 'save' buffer
    and use that instead of MAXPATHLEN which is clearly incorrect.
    
    Fixes #511.

-----------------------------------------------------------------------

Summary of changes:
 NEWS.md       | 7 +++++++
 delete.c      | 2 +-
 exclude.c     | 5 +++--
 latest-year.h | 2 +-
 util2.c       | 2 +-
 5 files changed, 13 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/NEWS.md b/NEWS.md
index ca60c32c..da1e1852 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -10,6 +10,11 @@
 - Fixed an buffer overflow in the checksum2 code if SHA1 is being used for
   the checksum2 algorithm.
 
+- Fixed an issue when rsync is compiled using `_FORTIFY_SOURCE` so that the
+  extra tests don't complain about a strlcpy() limit value (which was too
+  large, even though it wasn't possible for the larger value to cause an
+  overflow).
+
 - Add a backtick to the list of characters that the filename quoting needs to
   escape using backslashes.
 
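Review bot: the new NEWS entry does not say where the strlcpy() limit was wrong or what a user would have seen. The commit message places it in the exclude code (setup_merge_file()) and shows a run with a merge filter ending in "*** buffer overflow detected ***: terminated"; naming the filter/exclude code and that symptom would let someone who hit the abort find this entry. "the extra tests don't complain" also undersells a terminated process.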
@@ -49,6 +54,8 @@
 - Changed the mapfrom & mapto perl scripts (in the support dir) into a single
   python script named idmap.  Converted a couple more perl scripts into python.
 
+- Changed the mnt-excl perl script (in the support dir) into a python script.
+
 ### DEVELOPER RELATED:
 
  - Updated config.guess (timestamp 2023-01-01) and config.sub (timestamp
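Review bot: the mnt-excl entry does not say whether the script keeps its name after the conversion, whereas the idmap entry just above it names the resulting script. Stating the resulting name here would match that entry.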
diff --git a/delete.c b/delete.c
index 80766164..dcb6a9af 100644
--- a/delete.c
+++ b/delete.c
@@ -4,7 +4,7 @@
  * Copyright (C) 1996-2000 Andrew Tridgell
  * Copyright (C) 1996 Paul Mackerras
  * Copyright (C) 2002 Martin Pool <mbp at samba.org>
- * Copyright (C) 2003-2020 Wayne Davison
+ * Copyright (C) 2003-2023 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
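Review bot: the end year on the Wayne Davison copyright line becomes 2023, while the commit is dated April 2024 and latest-year.h moves LATEST_YEAR to "2024" in the same push. If 2023 is meant as the year this file last changed, that is fine; otherwise this line (and the identical edit in util2.c) should read 2003-2024.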
diff --git a/exclude.c b/exclude.c
index ffe55b16..1a5de3b9 100644
--- a/exclude.c
+++ b/exclude.c
@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
 	parent_dirscan = True;
 	while (*y) {
 		char save[MAXPATHLEN];
-		strlcpy(save, y, MAXPATHLEN);
+		/* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */
+		size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1;
 		*y = '\0';
 		dirbuf_len = y - dirbuf;
 		strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf));
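Review bot: the new comment asserts that strlen(y) is < MAXPATHLEN, but nothing in the visible lines checks it, and copylen is taken straight from strlcpy()'s return value, which is the length of the source rather than the number of bytes stored. If y ever held MAXPATHLEN or more bytes, save would be truncated while copylen would exceed sizeof save. Consider clamping (if (copylen > MAXPATHLEN) copylen = MAXPATHLEN;) or asserting the invariant, so that the bound used for the later restore does not rest on a comment.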
@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
 			lp->head = NULL;
 		}
 		lp->tail = NULL;
-		strlcpy(y, save, MAXPATHLEN);
+		strlcpy(y, save, copylen);
 		while ((*x++ = *y++) != '/') {}
 	}
 	parent_dirscan = False;
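Review bot: at the restore, strlcpy(y, save, copylen), nothing says why copylen is the right bound for the memory behind y; the value is computed about fifteen lines earlier in the loop body. A one-line comment here (for example, that exactly the bytes saved from y are being put back) would keep a later cleanup from reverting to a constant such as MAXPATHLEN, which the commit message calls clearly incorrect.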
diff --git a/latest-year.h b/latest-year.h
index 0dcf3464..f978fb8b 100644
--- a/latest-year.h
+++ b/latest-year.h
@@ -1 +1 @@
-#define LATEST_YEAR "2023"
+#define LATEST_YEAR "2024"
diff --git a/util2.c b/util2.c
index 3b5a8f41..e398340e 100644
--- a/util2.c
+++ b/util2.c
@@ -4,7 +4,7 @@
  * Copyright (C) 1996-2000 Andrew Tridgell
  * Copyright (C) 1996 Paul Mackerras
  * Copyright (C) 2001, 2002 Martin Pool <mbp at samba.org>
- * Copyright (C) 2003-2020 Wayne Davison
+ * Copyright (C) 2003-2023 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by


-- 
The rsync repository.
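The failure described in the 99ab5946 commit message, modelled as an added example that is not part of the commit or of rsync's code. checked_strlcpy() is a hypothetical stand-in for the fortified size check (it returns -1 where a fortified build would terminate), and the small MAXPATHLEN, the assumption that dirbuf is MAXPATHLEN bytes, and the sample path are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAXPATHLEN 64 /* constructed small value; rsync's real constant is larger */

/* Hypothetical model of a fortified strlcpy(): returns -1 (where the real
 * check aborts) if `size` exceeds the bytes left in the destination object. */
static long checked_strlcpy(char *dst, size_t dst_left, const char *src, size_t size)
{
	size_t n = strlen(src);
	if (size > dst_left)
		return -1;
	if (size > 0) {
		size_t c = n < size - 1 ? n : size - 1;
		memcpy(dst, src, c);
		dst[c] = '\0';
	}
	return (long)n;
}

/* Save the tail at dirbuf+off, cut the string there, restore the tail.
 * dirbuf is assumed to be MAXPATHLEN bytes. use_fix=0 restores with
 * MAXPATHLEN (old code), use_fix=1 with the saved length + 1 (the fix).
 * Returns 0 on success, -1 if the restore trips the size check. */
int save_restore(char *dirbuf, size_t off, int use_fix)
{
	char save[MAXPATHLEN];
	char *y = dirbuf + off;
	size_t left = MAXPATHLEN - off; /* bytes really owned behind y */
	long n = checked_strlcpy(save, sizeof save, y, MAXPATHLEN);
	size_t copylen = (size_t)n + 1; /* n >= 0: sizeof save == MAXPATHLEN */
	*y = '\0';
	return checked_strlcpy(y, left, save, use_fix ? copylen : MAXPATHLEN) < 0 ? -1 : 0;
}

int main(void)
{
	char a[MAXPATHLEN] = "/home/user/project/src"; /* constructed path */
	char b[MAXPATHLEN] = "/home/user/project/src";
	printf("old bound, y advanced by 6: %d\n", save_restore(a, 6, 0));
	printf("new bound, y advanced by 6: %d\n", save_restore(b, 6, 1));
	printf("restored: %s\n", b);
	return 0;
}
```

With the old bound the check fails as soon as y has moved past the start of the buffer, even though the bytes actually copied would have fit, which matches the NEWS wording that no real overflow was possible.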


