diff options
| author | Andrew Tridgell <tridge@samba.org> | 1997-12-15 21:35:37 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 1997-12-15 21:35:37 +0000 |
| commit | 13a1f7929ed05c652dc1b3eb4489ced01c8616f1 (patch) | |
| tree | 610349bdf085868f7a49a07614b709094b20136a /flist.c | |
| parent | e92338c82deba1576d23f22e11d95b0b34432e08 (diff) | |
| download | rsync-13a1f7929ed05c652dc1b3eb4489ced01c8616f1.tar.gz | |
some people are now using rsync as a public server, using various
patches or wrappers. One problem with this is that rsync was not
written with this in mind and wasn't very careful about possible stack
overflows etc which could lead to security breaches. This wasn't a
problem when run in the traditional way as any user that can run rsync
can login anyway and cause much more damage that way.
This patch attempts to close possible stack overflow problems. I've
checked for all strcpy(), strcat(), sprintf() and memcpy()
overflows. I would appreciate it if someone else with a devious mind
could also go through the rsync source code and see if there are any
other stack overflows possible. Let me know if you do.
Diffstat (limited to 'flist.c')
| -rw-r--r-- | flist.c | 16 |
1 files changed, 9 insertions, 7 deletions
@@ -159,8 +159,8 @@ void send_file_entry_v11(struct file_struct *file,int f) last_gid = file->gid; last_time = file->modtime; - strcpy(lastname,file->name); - lastname[255] = 0; + strncpy(lastname,file->name,MAXPATHLEN-1); + lastname[MAXPATHLEN-1] = 0; } @@ -229,8 +229,8 @@ void receive_file_entry_v11(struct file_struct *file, last_gid = file->gid; last_time = file->modtime; - strcpy(lastname,file->name); - lastname[255] = 0; + strncpy(lastname,file->name,MAXPATHLEN-1); + lastname[MAXPATHLEN-1] = 0; } @@ -357,7 +357,8 @@ static void send_directory(int f,struct file_list *flist,char *dir) return; } - strcpy(fname,dir); + strncpy(fname,dir,MAXPATHLEN-1); + fname[MAXPATHLEN-1]=0; l = strlen(fname); if (fname[l-1] != '/') strcat(fname,"/"); @@ -372,7 +373,7 @@ static void send_directory(int f,struct file_list *flist,char *dir) if (strcmp(di->d_name,".")==0 || strcmp(di->d_name,"..")==0) continue; - strcpy(p,di->d_name); + strncpy(p,di->d_name,MAXPATHLEN-l); send_file_name(f,flist,fname); } @@ -407,7 +408,8 @@ struct file_list *send_file_list(int f,int argc,char *argv[]) char fname2[MAXPATHLEN]; char *fname = fname2; - strcpy(fname,argv[i]); + strncpy(fname,argv[i],MAXPATHLEN-1); + fname[MAXPATHLEN-1] = 0; l = strlen(fname); if (l != 1 && fname[l-1] == '/') { |