diff options
| author | Alyssa Ross <hi@alyssa.is> | 2023-11-21 16:12:21 +0100 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2023-11-21 16:12:48 +0100 |
| commit | 048a4cd441a59cbf89defb18bb45c9f0b4429b35 (patch) | |
| tree | f8f5850ff05521ab82d65745894714a8796cbfb6 /pkgs/applications/networking/sync/rsync | |
| parent | 030c5028b07afcedce7c5956015c629486cc79d9 (diff) | |
| parent | 4c2d05dd6435d449a3651a6dd314d9411b5f8146 (diff) | |
| download | nixpkgs-rootfs.tar nixpkgs-rootfs.tar.gz nixpkgs-rootfs.tar.bz2 nixpkgs-rootfs.tar.lz nixpkgs-rootfs.tar.xz nixpkgs-rootfs.tar.zst nixpkgs-rootfs.zip | |
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Diffstat (limited to 'pkgs/applications/networking/sync/rsync')
| -rw-r--r-- | pkgs/applications/networking/sync/rsync/default.nix | 6 | ||||
| -rw-r--r-- | pkgs/applications/networking/sync/rsync/rsync-fortified-strlcpy-fix.patch | 49 |
2 files changed, 55 insertions, 0 deletions
diff --git a/pkgs/applications/networking/sync/rsync/default.nix b/pkgs/applications/networking/sync/rsync/default.nix index 9df26b6bb84..1baf1c40eb1 100644 --- a/pkgs/applications/networking/sync/rsync/default.nix +++ b/pkgs/applications/networking/sync/rsync/default.nix @@ -30,6 +30,12 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ perl ]; + patches = [ + # https://github.com/WayneD/rsync/issues/511#issuecomment-1774612577 + # original source: https://build.opensuse.org/package/view_file/network/rsync/rsync-fortified-strlcpy-fix.patch?expand=1&rev=3f8dd2f4a404c96c0f69176e60893714 + ./rsync-fortified-strlcpy-fix.patch + ]; + buildInputs = [ libiconv zlib popt ] ++ lib.optional enableACLs acl ++ lib.optional enableZstd zstd diff --git a/pkgs/applications/networking/sync/rsync/rsync-fortified-strlcpy-fix.patch b/pkgs/applications/networking/sync/rsync/rsync-fortified-strlcpy-fix.patch new file mode 100644 index 00000000000..296445b4bb5 --- /dev/null +++ b/pkgs/applications/networking/sync/rsync/rsync-fortified-strlcpy-fix.patch @@ -0,0 +1,49 @@ +From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001 +From: Jiri Slaby <jslaby@suse.cz> +Date: Fri, 18 Aug 2023 08:26:20 +0200 +Subject: [PATCH] exclude: fix crashes with fortified strlcpy() + +Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when +its third parameter (size) is larger than the buffer: + $ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx + sending incremental file list + *** buffer overflow detected ***: terminated + +It's in the exclude code in setup_merge_file(): + strlcpy(y, save, MAXPATHLEN); + +Note the 'y' pointer was incremented, so it no longer points to memory +with MAXPATHLEN "owned" bytes. + +Fix it by remembering the number of copied bytes into the 'save' buffer +and use that instead of MAXPATHLEN which is clearly incorrect. + +Fixes #511. +--- + exclude.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/exclude.c b/exclude.c +index ffe55b167..1a5de3b9e 100644 +--- a/exclude.c ++++ b/exclude.c +@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex, + parent_dirscan = True; + while (*y) { + char save[MAXPATHLEN]; +- strlcpy(save, y, MAXPATHLEN); ++ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */ ++ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1; + *y = '\0'; + dirbuf_len = y - dirbuf; + strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf)); +@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex, + lp->head = NULL; + } + lp->tail = NULL; +- strlcpy(y, save, MAXPATHLEN); ++ strlcpy(y, save, copylen); + while ((*x++ = *y++) != '/') {} + } + parent_dirscan = False; + |