[PATCH] seg fault fix

John Van Essen vanes002 at umn.edu
Fri Dec 5 23:33:39 EST 2003


On Thu, 4 Dec 2003, Kees Cook <kees at kernel.org> wrote:
> This is a patch made by the redhat folks.  I noticed it in their src.rpm
> for rsync while I was updating it for 2.5.7.  I figure at the worst, it's
> a nice bit of protection.  It would be cool to get this put into CVS.

Contents of rsync-2.4.6-segv.patch:

--- rsync-2.4.6/main.c.foo	Fri Aug 17 11:46:03 2001
+++ rsync-2.4.6/main.c	Fri Aug 17 11:45:37 2001
@@ -534,6 +534,7 @@
 {
 	char *p, *p2;
 
+	if (!s || !*s) return NULL;
 	p = strchr(s,':');
 	if (!p) return NULL;
 	
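Review bot: the `!*s` half of the new guard is redundant: `strchr` on an empty string already returns NULL, so the existing `if (!p) return NULL;` two lines below covers that case. What the line really adds is tolerance of a NULL `s`, and that is a caller bug which the guard now hides silently instead of reporting. Suggest reducing it to `if (!s) return NULL;` at most, and locating the call site that can hand find_colon a NULL (or logging when it happens) so the actual defect is visible.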


The problem with this type of patch is that it covers up the symptom
without addressing the underlying cause, which is calling the find_colon
routine with a NULL argument.

find_colon is called in only two places, and I can't see where it could
get called with a NULL argument, so that patch is no longer needed, IMO.

It is very likely that the original logic flaw was found and fixed between
versions 2.4.4 and 2.5.6 (2.5.7 being only a security fix).
-- 
        John Van Essen  Univ of MN Alumnus  <vanes002 at umn.edu>
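To make the distinction John draws concrete, here is an added C example (not rsync's code and not part of the patch): a find_colon stub carrying the callee-side guard, the same stub without it, and a hypothetical caller, split_host_path, that rejects a NULL argument where it is produced. Only the statements of find_colon visible in the hunk are reproduced; the remainder of the real routine is not, and the split into host and path is an assumption for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not rsync's code: only the first statements of find_colon
 * are visible in the quoted hunk, so this stub stops at the first ':'. */
static char *find_colon(char *s)
{
	char *p;

	if (!s || !*s) return NULL;   /* the Red Hat guard, applied in the callee */
	p = strchr(s, ':');
	if (!p) return NULL;
	return p;
}

/* Same stub without the guard.  strchr("") already yields NULL, so the
 * empty-string half of the guard changes nothing; only a NULL pointer
 * behaves differently, and a NULL here is a bug in the caller. */
static char *find_colon_unguarded(char *s)
{
	return strchr(s, ':');
}

/* Caller-side fix (hypothetical): validate the argument before the call so a
 * NULL is reported as an error instead of being swallowed inside find_colon. */
enum split_result { SPLIT_OK, SPLIT_NO_COLON, SPLIT_BAD_ARG };

static enum split_result split_host_path(char *arg, char **host, char **path)
{
	char *colon;

	if (arg == NULL)              /* root cause handled here, loudly */
		return SPLIT_BAD_ARG;
	colon = find_colon_unguarded(arg);
	if (colon == NULL)            /* plain local path, no host part */
		return SPLIT_NO_COLON;
	*colon = '\0';                /* splits "host:path" in place */
	*host = arg;
	*path = colon + 1;
	return SPLIT_OK;
}
```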



