On Thu, 4 Dec 2003, Kees Cook <kees@kernel.org> wrote:
> This is a patch made by the redhat folks. I noticed it in their src.rpm
> for rsync while I was updating it for 2.5.7. I figure at the worst, it's
> a nice bit of protection. It would be cool to get this put into CVS.
Contents of rsync-2.4.6-segv.patch:
--- rsync-2.4.6/main.c.foo Fri Aug 17 11:46:03 2001
+++ rsync-2.4.6/main.c Fri Aug 17 11:45:37 2001
@@ -534,6 +534,7 @@
{
char *p, *p2;
+ if (!s || !*s) return NULL;
p = strchr(s,':');
if (!p) return NULL;
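Review bot: the guard added at the top of find_colon (`if (!s || !*s) return NULL;`) makes a NULL `s` indistinguishable from "no colon found", so whichever caller is passing NULL keeps doing so unnoticed; the fix belongs at that caller, or at minimum the check should assert or log so the bad argument is reported rather than swallowed. The `!*s` half of the test is also redundant: `strchr(s, ':')` on an empty string already returns NULL, and the existing `if (!p) return NULL;` on the next line handles that case.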
The problem with this type of patch is that it covers up the symptom
without addressing the underlying cause, which is calling the find_colon
routine with a NULL argument.
find_colon is called in only two places, and I can't see where it could
get called with a NULL argument, so that patch is no longer needed, IMO.
It is very likely that the original logic flaw was found and fixed between
versions 2.4.4 and 2.5.6 (2.5.7 being only a security fix).
--
John Van Essen Univ of MN Alumnus <vanes002@umn.edu>