Revert "rsync: fix regression with _FORTIFY_SOURCE=2" (#265876)
This reverts commit ad38853459
.
This change while correct causes a mass-rebuild and needs to be resubmitted for staging.
This commit is contained in:
parent
8f4707cd8d
commit
7790e79cb0
@ -30,12 +30,6 @@ stdenv.mkDerivation rec {
|
|||||||
|
|
||||||
nativeBuildInputs = [ perl ];
|
nativeBuildInputs = [ perl ];
|
||||||
|
|
||||||
patches = [
|
|
||||||
# https://github.com/WayneD/rsync/issues/511#issuecomment-1774612577
|
|
||||||
# original source: https://build.opensuse.org/package/view_file/network/rsync/rsync-fortified-strlcpy-fix.patch?expand=1&rev=3f8dd2f4a404c96c0f69176e60893714
|
|
||||||
./rsync-fortified-strlcpy-fix.patch
|
|
||||||
];
|
|
||||||
|
|
||||||
buildInputs = [ libiconv zlib popt ]
|
buildInputs = [ libiconv zlib popt ]
|
||||||
++ lib.optional enableACLs acl
|
++ lib.optional enableACLs acl
|
||||||
++ lib.optional enableZstd zstd
|
++ lib.optional enableZstd zstd
|
||||||
|
@ -1,49 +0,0 @@
|
|||||||
From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jiri Slaby <jslaby@suse.cz>
|
|
||||||
Date: Fri, 18 Aug 2023 08:26:20 +0200
|
|
||||||
Subject: [PATCH] exclude: fix crashes with fortified strlcpy()
|
|
||||||
|
|
||||||
Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when
|
|
||||||
its third parameter (size) is larger than the buffer:
|
|
||||||
$ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx
|
|
||||||
sending incremental file list
|
|
||||||
*** buffer overflow detected ***: terminated
|
|
||||||
|
|
||||||
It's in the exclude code in setup_merge_file():
|
|
||||||
strlcpy(y, save, MAXPATHLEN);
|
|
||||||
|
|
||||||
Note the 'y' pointer was incremented, so it no longer points to memory
|
|
||||||
with MAXPATHLEN "owned" bytes.
|
|
||||||
|
|
||||||
Fix it by remembering the number of copied bytes into the 'save' buffer
|
|
||||||
and use that instead of MAXPATHLEN which is clearly incorrect.
|
|
||||||
|
|
||||||
Fixes #511.
|
|
||||||
---
|
|
||||||
exclude.c | 5 +++--
|
|
||||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/exclude.c b/exclude.c
|
|
||||||
index ffe55b167..1a5de3b9e 100644
|
|
||||||
--- a/exclude.c
|
|
||||||
+++ b/exclude.c
|
|
||||||
@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
|
|
||||||
parent_dirscan = True;
|
|
||||||
while (*y) {
|
|
||||||
char save[MAXPATHLEN];
|
|
||||||
- strlcpy(save, y, MAXPATHLEN);
|
|
||||||
+ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */
|
|
||||||
+ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1;
|
|
||||||
*y = '\0';
|
|
||||||
dirbuf_len = y - dirbuf;
|
|
||||||
strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf));
|
|
||||||
@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
|
|
||||||
lp->head = NULL;
|
|
||||||
}
|
|
||||||
lp->tail = NULL;
|
|
||||||
- strlcpy(y, save, MAXPATHLEN);
|
|
||||||
+ strlcpy(y, save, copylen);
|
|
||||||
while ((*x++ = *y++) != '/') {}
|
|
||||||
}
|
|
||||||
parent_dirscan = False;
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user