samba-bugs at samba.org
2017-Oct-27 02:38 UTC
[Bug 13104] New: NULL deref do_server_sender when argc=0
https://bugzilla.samba.org/show_bug.cgi?id=13104

            Bug ID: 13104
           Summary: NULL deref do_server_sender when argc=0
           Product: rsync
           Version: 3.1.3
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: core
          Assignee: wayned at samba.org
          Reporter: jeriko.one at gmx.us
        QA Contact: rsync-qa at samba.org

Created attachment 13732
  --> https://bugzilla.samba.org/attachment.cgi?id=13732&action=edit
patch to handle argc == 0

$ bin/rsync --version
rsync version 3.1.3dev protocol version 31

This exists in 3.1.2 as well.

rsyncd reads in arguments from the connecting client. These are parsed in parse_arguments. parse_arguments parses what it can via popt, and increments argv and decrements argc to reflect the consumed values.

The problem is that do_server_sender is expecting at least 1 argument to use as dir

786         char *dir = argv[0];

When there are no arguments in argv this leads to a NULL deref.

ASAN:SIGSEGV
=================================================================
==7407==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000453662 bp 0x7fffffffae90 sp 0x7fffffffae50 T0)
    #0 0x453661 in do_server_sender /home/raj/rsync/rsync/main.c:786
    #1 0x4556a0 in start_server /home/j/rsync/rsync/main.c:1110
    #2 0x4b202a in rsync_module /home/j/rsync/rsync/clientserver.c:1007
    #3 0x4b2a49 in start_daemon /home/j/rsync/rsync/clientserver.c:1135
    #4 0x48f56e in start_accept_loop /home/j/rsync/rsync/socket.c:618
    #5 0x4b320a in daemon_main /home/j/rsync/rsync/clientserver.c:1237
    #6 0x4582da in main /home/j/rsync/rsync/main.c:1627
    #7 0x7ffff64d866f in __libc_start_main (/lib64/libc.so.6+0x2066f)
    #8 0x4047c8 in _start (/home/j/rsync/asan/bin/rsync+0x4047c8)

The attached patch will check for argc == 0 and exit_cleanup.

--
You are receiving this mail because:
You are the QA Contact for the bug.
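
An added example (not part of the bug report, the attached patch, or rsync's code): a simplified C model of the condition described above, where option parsing consumes every peer-supplied argument and the directory lookup checks for that before touching argv[0]. The names consume_options, sender_dir and resolve_dir and the sample argument vectors are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for option parsing (not rsync's parse_arguments):
 * skip leading "-..." options, advancing argv and decrementing argc. */
static void consume_options(int *argc, char ***argv)
{
    while (*argv != NULL && *argc > 0 && (*argv)[0] != NULL
           && (*argv)[0][0] == '-') {
        (*argv)++;
        (*argc)--;
    }
}

/* Hardened form of "char *dir = argv[0];": refuse to index argv unless
 * at least one argument is left. Returns 0 on success, -1 otherwise. */
static int sender_dir(int argc, char **argv, const char **dir)
{
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return -1;
    *dir = argv[0];
    return 0;
}

/* Parse peer-supplied arguments, then fetch the directory safely.
 * Returns NULL when nothing usable remains after option parsing. */
const char *resolve_dir(char **args, int n)
{
    const char *dir = NULL;
    consume_options(&n, &args);
    return sender_dir(n, args, &dir) == 0 ? dir : NULL;
}

/* Constructed sample argument vectors (not captured from a real client). */
char *args_with_dir[] = { "--server", "--sender", "module/dir", NULL };
char *args_options_only[] = { "--server", "--sender", NULL };

int main(void)
{
    const char *d = resolve_dir(args_options_only, 2);
    printf("options only: %s\n", d ? d : "(rejected: no directory argument)");
    d = resolve_dir(args_with_dir, 3);
    printf("with dir:     %s\n", d ? d : "(rejected: no directory argument)");
    return 0;
}
```

In a daemon, the rejected case would end the session with an error instead of returning NULL to a caller that goes on to use the pointer.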
samba-bugs at samba.org
2017-Oct-29 22:26 UTC
[Bug 13104] NULL deref do_server_sender when argc=0
https://bugzilla.samba.org/show_bug.cgi?id=13104

Wayne Davison <wayned at samba.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #1 from Wayne Davison <wayned at samba.org> ---
Committing a fix to git now. Thanks!