samba-bugs at samba.org
2011-Jan-27 19:09 UTC
DO NOT REPLY [Bug 7936] New: Random false checksum mismatches
https://bugzilla.samba.org/show_bug.cgi?id=7936
Summary: Random false checksum mismatches
Product: rsync
Version: 3.0.7
Platform: Other
OS/Version: Linux
Status: NEW
Severity: major
Priority: P3
Component: core
AssignedTo: wayned at samba.org
ReportedBy: matt at mattmccutchen.net
QAContact: rsync-qa at samba.org
Under circumstances that are not fully understood but appear to be related to
the presence of a transfer and a deletion in a previous directory, rsync 3.0.7
sometimes reports a checksum mismatch for files whose contents are in fact
identical on source and destination.
Original report by Mikolaj Kucharski:
https://lists.samba.org/archive/rsync//2011-January/025988.html
A minimized test case:
mkdir src src/sub
touch src/1 src/2 src/sub/file
rsync -a src/ dest/
echo data >src/1
rm src/2
rsync -nvi -rc --delete src/ dest/
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
samba-bugs at samba.org
2011-Jan-28 02:19 UTC
DO NOT REPLY [Bug 7936] Random false checksum mismatches
https://bugzilla.samba.org/show_bug.cgi?id=7936
wayned at samba.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Comment #1 from wayned at samba.org 2011-01-27 20:19 CST -------
Indeed. Switching from --delete to --del is enough to avoid the issue. Will
investigate.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
samba-bugs at samba.org
2011-Jan-28 02:24 UTC
DO NOT REPLY [Bug 7936] Random false checksum mismatches
https://bugzilla.samba.org/show_bug.cgi?id=7936 ------- Comment #2 from wayned at samba.org 2011-01-27 20:24 CST ------- Actually, the bug seems to be somewhat random, so the vanishing of the issue with --del was just a random no-show. -- Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact.
samba-bugs at samba.org
2011-Jan-29 07:08 UTC
DO NOT REPLY [Bug 7936] Random false checksum mismatches
https://bugzilla.samba.org/show_bug.cgi?id=7936 ------- Comment #3 from wayned at samba.org 2011-01-29 01:08 CST ------- A work-around for this issue is to always use the --owner (-o) option with --delete when using incremental recursion. I'll work up an actual fix soon. -- Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact.
samba-bugs at samba.org
2011-Jan-30 06:28 UTC
DO NOT REPLY [Bug 7936] Random false checksum mismatches
https://bugzilla.samba.org/show_bug.cgi?id=7936
wayned at samba.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
Version|3.0.7 |3.0.8
------- Comment #4 from wayned at samba.org 2011-01-30 00:27 CST -------
This will be fixed in 3.0.8.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
samba-bugs at samba.org
2011-Apr-01 01:39 UTC
[Bug 7936] Incremental file-list corruption due to temporary file_extra_cnt increments (CVE-2011-1097)
https://bugzilla.samba.org/show_bug.cgi?id=7936
Matt McCutchen <matt at mattmccutchen.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Random false checksum |Incremental file-list
|mismatches |corruption due to temporary
| |file_extra_cnt increments
| |(CVE-2011-1097)
--- Comment #5 from Matt McCutchen <matt at mattmccutchen.net> 2011-04-01
01:39:08 UTC ---
The underlying bug here has potential security ramifications, so I was holding
off on adding the full story until rsync 3.0.8 was released with the fix.
Briefly: if --recursive, --delete, and --hard-links are on and --owner is off,
a malicious sender can cause the receiver's hard-link data structures to
become
corrupted so as to break memory safety. I've demonstrated that this can
lead
to heap corruption; arbitrary code execution has been neither confirmed nor
ruled out. (Some sites are claiming arbitrary code execution is known to be
possible; that is incorrect, unless they know something I don't.)
You can read more at https://bugzilla.redhat.com/show_bug.cgi?id=675036. See
also the CVE entry at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1097.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Reasonably Related Threads
- DO NOT REPLY [Bug 7454] New: assertion failed in finish_hard_link()
- DO NOT REPLY [Bug 6694] New: rsync -A drops mask from ACL
- DO NOT REPLY [Bug 7109] New: Need to define NO_SYMLINK_XATTR on Linux
- DO NOT REPLY [Bug 5201] New: Rsync lets user corrupt dest by applying non-inplace batch in inplace mode
- DO NOT REPLY [Bug 6915] New: Reject passing an argument to an option that doesn't take one