Displaying 4 results from an estimated 4 matches for "rpre_len".
Did you mean:
prev_len
2017 Oct 31
0
[Bug 13113] New: receive_xattr heap overflow when prepending RSYNC_PREFIX
...".", ".", "\0"};
code snippets are from xattrs.c
in receive_xattr a name is read from the sender. The name might need to be
prefixed depending on am_root. To make room for this prefix extra_len is
possibly allocated.
818 size_t extra_len = MIGHT_NEED_RPRE ? RPRE_LEN : 0;
822 ptr = new_array(char, dget_len + extra_len + name_len); <-- the
length values are received from the sender. In this case I'm sending dget_len =
0
61 #ifdef HAVE_LINUX_XATTRS
62 #define MIGHT_NEED_RPRE (am_root < 0)
The issue is that am_root < 0 isn't the on...
2016 Dec 01
3
[PATCH v2 1/2] xattrs: Skip security.evm extended attribute
...+1043,9 @@ static int rsync_xal_set(const char *fname, item_list *xalp,
if (user_only ? !HAS_PREFIX(name, USER_PREFIX)
: HAS_PREFIX(name, SYSTEM_PREFIX))
continue;
+
+ if (!strcmp(name, "security.evm"))
+ continue;
#endif
if (am_root < 0 && name_len > RPRE_LEN
&& name[RPRE_LEN] == '%' && strcmp(name, XSTAT_ATTR) == 0)
--
2.7.4
2017 Oct 31
2
[Bug 13112] New: receive_xattr heap overread with non null terminated name and xattr filter
https://bugzilla.samba.org/show_bug.cgi?id=13112
Bug ID: 13112
Summary: receive_xattr heap overread with non null terminated
name and xattr filter
Product: rsync
Version: 3.1.3
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: core
2017 Feb 07
2
[Bug 12568] New: Integer overflow still affects xattrs.c
...(num = 1; num <= count; num++) {
685 char *ptr, *name;
686 rsync_xa *rxa;
687 size_t name_len = read_varint(f);
688 size_t datum_len = read_varint(f);
689 size_t dget_len = datum_len > MAX_FULL_DATUM ? 1 + MAX_DIGEST_LEN :
datum_len;
690 size_t extra_len = MIGHT_NEED_RPRE ? RPRE_LEN : 0;
691 if ((dget_len + extra_len < dget_len)
692 || (dget_len + extra_len + name_len < dget_len))
693 overflow_exit("receive_xattr");
694 ptr = new_array(char, dget_len + extra_len + name_len);
695 if (!ptr)
696 out_of_memory("receive_xattr");...