Bug in 2.6.1

Wayne Davison wayned at samba.org
Wed Apr 28 17:31:50 GMT 2004


On Wed, Apr 28, 2004 at 03:36:20PM +0100, Gordon Lack wrote:
>    Both uid (in map_uid) and gid (in map_gid) are used (tested against 
> 0) without being defined.

Those tests were supposed to be for the "id" input variable so that
the code doesn't try to remap a zero ID.  The tests are, however,
superfluous since no ID with a value of 0 has an associated name
(rsync doesn't send them), so the check is merely an optimization.

The bad thing that might happen is that the garbage on the stack might
be 0, in which case we would leave the uid/gid unmapped (I don't know if
that's actually possible or not -- some calling sequences can never
result in a zero uninitialized value).  To fix this bug, apply the
appended patch.

Thanks for the report!

..wayne..
-------------- next part --------------
--- uidlist.c	20 Feb 2004 17:09:30 -0000	1.23
+++ uidlist.c	28 Apr 2004 17:04:55 -0000
@@ -81,7 +81,7 @@ static char *gid_to_name(gid_t gid)
 static int map_uid(int id, char *name)
 {
 	uid_t uid;
-	if (uid != 0 && name_to_uid(name, &uid))
+	if (id != 0 && name_to_uid(name, &uid))
 		return uid;
 	return id;
 }
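Review bot: in map_uid() the local `uid` is still declared without an initializer, so `return uid;` is only safe if name_to_uid() always stores through `&uid` whenever it returns nonzero. That contract is not visible in this hunk. Either initialize the local at its declaration or state the contract in a comment above the `if`. A one-line comment saying that the `id != 0` test skips remapping of ID 0 would also make it harder for the wrong variable to slip back into the condition.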
@@ -89,7 +89,7 @@ static int map_uid(int id, char *name)
 static int map_gid(int id, char *name)
 {
 	gid_t gid;
-	if (gid != 0 && name_to_gid(name, &gid))
+	if (id != 0 && name_to_gid(name, &gid))
 		return gid;
 	return id;
 }
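Review bot: in map_gid() the line `return gid;` implicitly converts a `gid_t` to the function's `int` return type, and the `id` parameter is likewise a plain `int`. On platforms where `gid_t` is unsigned or wider than `int`, a large group ID changes value or sign on the way out. Consider an explicit cast with a comment, or carrying the ID in `gid_t` throughout. The same applies to `return uid;` in map_uid(), and since the two functions are line-for-line identical apart from the type, the fix should be made in both together.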

