search for: portbuf

Hi folks, I've discovered a local stack overflow bug in rsync 2.5.7. Problem is in open_socket_out function (socket.c). ... char portbuf[10]; char *h; int proxied = 0; char buffer[1024]; char *cp; ... h = getenv("RSYNC_PROXY"); proxied = (h != NULL) && (*h != '\0'); ... if (proxied) { strlcpy(buffer, h, sizeof(buffer));...

...@param bind_address Local address to bind, or NULL to allow it to * default. **/ -static int open_socket_in(int type, int port, const char *bind_address, - int af_hint) +static int open_socket_in(struct addrinfo *resp) { int one=1; int s; - struct addrinfo hints, *all_ai, *resp; - char portbuf[10]; - int error; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = af_hint; - hints.ai_socktype = type; - hints.ai_flags = AI_PASSIVE; - snprintf(portbuf, sizeof(portbuf), "%d", port); - error = getaddrinfo(bind_address, portbuf, &hints, &all_ai); - if (error) { - rp...

Hi, all -- Here's a small patch that gives better diagnostics on the daemon side if it fails to start up due to inability to create or bind the socket. Presently, it gives a log entry indicating that no sockets could be bound, but crucially does *not* have the system error message (i.e. errno) from the failed call, making it difficult or impossible to determine the problem. I do have a

...e { + /* whole buffer is the host part */ + buffer_hostpart = buffer; + } + + cp = strchr(buffer_hostpart, ':'); + if (cp == NULL) { rprintf(FERROR, "invalid proxy specification: should be HOST:PORT\n"); @@ -185,7 +255,7 @@ } *cp++ = '\0'; strcpy(portbuf, cp); - h = buffer; + h = buffer_hostpart; if (verbose >= 2) { rprintf(FINFO, "connection via http proxy %s port %s\n", h, portbuf); @@ -229,7 +299,8 @@ continue; } if (proxied && - establish_proxy_connection(s, host, port) != 0) { + establish_...

...lse { + /* whole buffer is the host part */ + buffer_hostpart = buffer; + } + + cp = strchr(buffer_hostpart, ':'); if (cp == NULL) { rprintf(FERROR, "invalid proxy specification: should be HOST:PORT\n"); @@ -183,7 +250,7 @@ } *cp++ = '\0'; strcpy(portbuf, cp); - h = buffer; + h = buffer_hostpart; if (verbose >= 2) { rprintf(FINFO, "connection via http proxy %s port %s\n", h, portbuf); @@ -227,7 +294,8 @@ continue; } if (proxied && - establish_proxy_connection(s, host, port) != 0) { + establish_...