MD4 bug-fix for protocol version 27

Christoph Bartelmus bartelmus at
Thu May 8 01:02:38 EST 2003


while implementing the rsync protocol in one of our projects I found
that the current CVS version still has a MD4 bug. I'm using the FreeBSD
libmd implementation and I still had checksum mismatches with protocol
version 27 for files whose size was a multiple of 64 - 4 ( - 4 due to
checksum_seed). A patch for todays CVS version is attached.

Someone should also review the clean_fname() function in utils.c.
I think it will not produce the intended result for constructs like
"./////foo" or "bar/././". The former case might pose a security risk.
I think the first two ifs should be whiles.



PS: Just let me say that having to run clean_flist() on both client and
server _after_ the file list has been transmitted is a real PITA.

Christoph Bartelmus                           mailto:bartelmus at
Eyeled GmbH, Science Park Saar            
Stuhlsatzenhausweg 69                         phone: +49-(0)681-3096-114
66123 Saarbrücken                               fax: +49-(0)681-3096-119
-------------- next part --------------
Index: checksum.c
RCS file: /cvsroot/rsync/checksum.c,v
retrieving revision 1.25
diff -u -r1.25 checksum.c
--- checksum.c	10 Apr 2003 01:50:12 -0000	1.25
+++ checksum.c	7 May 2003 14:27:06 -0000
@@ -184,7 +184,7 @@
 void sum_end(char *sum)
-	if (sumresidue) {
+	if (sumresidue || remote_version >= 27) {
 		mdfour_update(&md, (uchar *)sumrbuf, sumresidue);

More information about the rsync mailing list