thr3ads.net - rsync - DO NOT REPLY [Bug 5235] New: buffer overflow in receive_file

If this information is useful, please help other people find it:
Share via:

samba-bugs@samba.org

2008-Jan-31 10:54 UTC

DO NOT REPLY [Bug 5235] New: buffer overflow in receive_file_entry

https://bugzilla.samba.org/show_bug.cgi?id=5235

           Summary: buffer overflow in receive_file_entry
           Product: rsync
           Version: 2.6.9
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P3
         Component: core
        AssignedTo: wayned@samba.org
        ReportedBy: rsync@ofdan.co.uk
         QAContact: rsync-qa@samba.org


ERROR: buffer overflow in receive_file_entry
rsync error: error allocating core memory buffers (code 22) at util.c(126)

I also found a similiar error using google.com here..
http://lists.samba.org/archive/rsync/2005-April/012104.html

I have tested 2.6.6 and 2.6.8

This fix is for 2.6.8
The changes I have made to fix my error were in 

flist.c (489.c)

static struct file_struct *receive_file_entry(struct file_list *flist, unsigned
short flags, int f)

I changed the following lines:

        static char lastname[MAXPATHLEN], *lastdir;
        char thisname[MAXPATHLEN];

        if (l2 >= MAXPATHLEN - l1) {

to:

        static char lastname[BIGPATHBUFLEN], *lastdir;
        char thisname[BIGPATHBUFLEN];

        if (l2 >= BIGPATHBUFLEN - l1) {


I haven't done full debugged this, but it compiles and runs, and does what I
want so far.


The cause for this, was very long file names.


-- 
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

samba-bugs@samba.org

2008-Feb-06 03:08 UTC

head link

DO NOT REPLY [Bug 5235] buffer overflow in receive_file_entry

https://bugzilla.samba.org/show_bug.cgi?id=5235


wayned@samba.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




------- Comment #1 from wayned@samba.org  2008-02-05 21:08 CST -------
The MAXPATHLEN value is supposed to be the maximum length of a string that the
file-handling functions of your OS can accept.  If your OS (or maybe cygwin?)
has it set too small, you should tell those responsible to make it larger.

In the meantime, you can also redefine MAXPATHLEN in config.h so that the whole
app benefits (use #undef before the #define).  Making some buffers use
BIGPATHBUFLEN instead of MAXPATHLEN can cause problems.


-- 
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

Maybe Matching Threads

Search for more apparently analagous threads

rsync - Jan 2008 - DO NOT REPLY [Bug 5235] New: buffer overflow in receive_file_entry

DO NOT REPLY [Bug 5235] New: buffer overflow in receive_file_entry

DO NOT REPLY [Bug 5235] buffer overflow in receive_file_entry

Maybe Matching Threads