search for: read_varint

...samba.org Reporter: shqking at gmail.com QA Contact: rsync-qa at samba.org A suspicious integer overflow is found in xattrs.c:692. The code snippet is as follows. 684 for (num = 1; num <= count; num++) { 685 char *ptr, *name; 686 rsync_xa *rxa; 687 size_t name_len = read_varint(f); 688 size_t datum_len = read_varint(f); 689 size_t dget_len = datum_len > MAX_FULL_DATUM ? 1 + MAX_DIGEST_LEN : datum_len; 690 size_t extra_len = MIGHT_NEED_RPRE ? RPRE_LEN : 0; 691 if ((dget_len + extra_len < dget_len) 692 || (dget_len + extra_len + name_len < dget_len)...

...sion 3.1.3dev protocol version 31 code snippets are from receive_xattr in xattrs.c in receive_xattr a name is read from the sender. The sender sends the length of the name, and then sends the name. The name is read in via read_buf so it's not null terminated. 815 size_t name_len = read_varint(f); 826 read_buf(f, name, name_len); If the sender sent --filter that had an xattr filter then this name will be passed to name_is_excluded. 834 if (saw_xattr_filter) { 835 if (name_is_excluded(name, NAME_IS_XATTR, ALL_FILTERS)) { This can lead to a heap overrea...

This is a PoC patch for NFSv4/ZFS ACLs. The objective of the patch is that rsync --acls support NFSv4/ZFS ACLs without requiring a new command line option NFSv4 ACLs can't be represented using POSIX draft ACLs, if an NFSv4 ACL is present a separate POSIX draft ACL will not be present and there are new APIs to access NFSv4 ACLs. So we need to distinguish between NFSv4 ACLs and POSIX ACLs in