DO NOT REPLY [Bug 7057] Buffer overflow when sending a file with long name

samba-bugs at samba-bugs at
Tue Mar 23 18:32:54 MDT 2010

------- Comment #7 from matt at  2010-03-23 19:32 CST -------
Created an attachment (id=5529)
 --> (

I think I found the problem, and no, it isn't fixed by the proposed patch.  If
send_directory is called with dlen == MAXPATHLEN - 1, it will append a slash
and then write a null byte just beyond the buffer.  Attached is a reproducer. 
I reproduced the fortify failure on i686.  For some reason I did not get a
fortify failure on x86_64, but I got a valgrind error if I changed the buffer
to be heap allocated.

Configure bugmail:
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the rsync mailing list