MD4 bug-fix for protocol version 27
Christoph Bartelmus
bartelmus at eyeled.de
Thu May 8 01:02:38 EST 2003
Hi,
while implementing the rsync protocol in one of our projects I found
that the current CVS version still has a MD4 bug. I'm using the FreeBSD
libmd implementation and I still had checksum mismatches with protocol
version 27 for files whose size was a multiple of 64 - 4 ( - 4 due to
checksum_seed). A patch for todays CVS version is attached.
Someone should also review the clean_fname() function in utils.c.
I think it will not produce the intended result for constructs like
"./////foo" or "bar/././". The former case might pose a security risk.
I think the first two ifs should be whiles.
Regards,
Christoph
PS: Just let me say that having to run clean_flist() on both client and
server _after_ the file list has been transmitted is a real PITA.
--
Christoph Bartelmus mailto:bartelmus at eyeled.de
Eyeled GmbH, Science Park Saar http://www.eyeled.de
Stuhlsatzenhausweg 69 phone: +49-(0)681-3096-114
66123 Saarbrücken fax: +49-(0)681-3096-119
-------------- next part --------------
Index: checksum.c
===================================================================
RCS file: /cvsroot/rsync/checksum.c,v
retrieving revision 1.25
diff -u -r1.25 checksum.c
--- checksum.c 10 Apr 2003 01:50:12 -0000 1.25
+++ checksum.c 7 May 2003 14:27:06 -0000
@@ -184,7 +184,7 @@
void sum_end(char *sum)
{
- if (sumresidue) {
+ if (sumresidue || remote_version >= 27) {
mdfour_update(&md, (uchar *)sumrbuf, sumresidue);
}
More information about the rsync
mailing list