[Bug 2785] New: rsync gives following error: buffer overflow in
receive_file_entry
samba-bugs at samba.org
samba-bugs at samba.org
Thu Jun 9 17:56:24 GMT 2005
https://bugzilla.samba.org/show_bug.cgi?id=2785
Summary: rsync gives following error: buffer overflow in
receive_file_entry
Product: rsync
Version: 2.6.3
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P3
Component: core
AssignedTo: wayned at samba.org
ReportedBy: carnesresearchcenter at gmail.com
QAContact: rsync-qa at samba.org
If I execute the following command:
rsync -vrptgz --rsh="ssh $BCPSERVER rsync rsyncd --daemon --
config=$RSYNCDCONFIGFILE --port=$RSYNCDPORT" --rsync-path=$RSYNCPATH
$RSYNCSOURCE $LOGNAME@$BCPSERVER::$RSYNCDESTINATIONMODULE
and I have a symbolic link in the directory represented by $RSYNCSOURCE then I
get the following output:
building file list ...
5 files to consider
overflow: linkname_len=1862797370
ERROR: buffer overflow in receive_file_entry
rsync error: error allocating core memory buffers (code 22) at util.c(126)
rsync: connection unexpectedly closed (4 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(359)
If I add the -l option to the command then rsync seems to complete fine however
the symbolic links that have the following pattern symlink -> /foo/bar get
rsynced to symlink -> foo/bar.
I looked at the source and I have found the code that generated the errors that
I see. below is the code section from flist.c:
#if SUPPORT_LINKS
if (preserve_links && S_ISLNK(mode)) {
linkname_len = read_int(f) + 1; /* count the '\0' */
if (linkname_len <= 0 || linkname_len > MAXPATHLEN) {
rprintf(FERROR, "overflow: linkname_len=%d\n",
linkname_len - 1);
overflow("receive_file_entry");
}
}
else
#endif
I cannot figure out why we are actually executing this section of code if our
preserve_links && S_ISLNK variables are not set to 1, which I do not see that
they are given the rsync arguments that we are using.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the rsync
mailing list