security fix from Sebastian Krahmer <krahmer@suse.de>, taken from rsync CVS

2002-01-24 23:25:32 +00:00 · 2002-01-24 23:25:32 +00:00 · 3e234544f1
commit 3e234544f1
parent 31d6d2e631
10 changed files with 308 additions and 1 deletions
--- a/net/rsync/Makefile
+++ b/net/rsync/Makefile
@ -1,7 +1,8 @@
-# $OpenBSD: Makefile,v 1.28 2002/01/14 23:07:49 naddy Exp $
+# $OpenBSD: Makefile,v 1.29 2002/01/24 23:25:32 naddy Exp $

 COMMENT=	"mirroring/synchronization over low bandwidth links"

+PKGNAME=	${DISTNAME}p1
 DISTNAME=	rsync-2.5.1
 CATEGORIES=	net
 NEED_VERSION=	1.504
--- a/net/rsync/patches/patch-exclude_c
+++ b/net/rsync/patches/patch-exclude_c
@ -0,0 +1,13 @@
+$OpenBSD: patch-exclude_c,v 1.1 2002/01/24 23:25:32 naddy Exp $
+--- exclude.c.orig	Fri Nov 30 01:21:08 2001
+++ exclude.c	Thu Jan 24 23:35:43 2002
+@@ -299,7 +299,8 @@ void send_exclude_list(int f)
+ void recv_exclude_list(int f)
+ {
+ 	char line[MAXPATHLEN];
+-	int l;
+	unsigned int l;
+
+ 	while ((l=read_int(f))) {
+ 		if (l >= MAXPATHLEN) overflow("recv_exclude_list");
+ 		read_sbuf(f,line,l);
--- a/net/rsync/patches/patch-fileio_c
+++ b/net/rsync/patches/patch-fileio_c
@ -0,0 +1,21 @@
+$OpenBSD: patch-fileio_c,v 1.1 2002/01/24 23:25:32 naddy Exp $
+--- fileio.c.orig	Mon Mar 15 22:23:11 1999
+++ fileio.c	Thu Jan 24 23:35:43 2002
+@@ -36,7 +36,7 @@ int sparse_end(int f)
+ }
+ 
+ 
+-static int write_sparse(int f,char *buf,int len)
+static int write_sparse(int f,char *buf,size_t len)
+ {
+ 	int l1=0,l2=0;
+ 	int ret;
+@@ -69,7 +69,7 @@ static int write_sparse(int f,char *buf,
+ 
+ 
+ 
+-int write_file(int f,char *buf,int len)
+int write_file(int f,char *buf,size_t len)
+ {
+ 	int ret = 0;
+ 
--- a/net/rsync/patches/patch-flist_c
+++ b/net/rsync/patches/patch-flist_c
@ -0,0 +1,23 @@
+$OpenBSD: patch-flist_c,v 1.1 2002/01/24 23:25:32 naddy Exp $
+--- flist.c.orig	Thu Jan  3 08:09:35 2002
+++ flist.c	Thu Jan 24 23:35:43 2002
+@@ -332,7 +332,7 @@ static void receive_file_entry(struct fi
+ 	static gid_t last_gid;
+ 	static char lastname[MAXPATHLEN];
+ 	char thisname[MAXPATHLEN];
+-	int l1=0,l2=0;
+	unsigned int l1=0,l2=0;
+ 	char *p;
+ 	struct file_struct *file;
+ 
+@@ -399,6 +399,10 @@ static void receive_file_entry(struct fi
+ 
+ 	if (preserve_links && S_ISLNK(file->mode)) {
+ 		int l = read_int(f);
+		if (l < 0) {
+			rprintf(FERROR,"overflow: l=%d\n", l);
+			overflow("receive_file_entry");
+		}
+ 		file->link = (char *)malloc(l+1);
+ 		if (!file->link) out_of_memory("receive_file_entry 2");
+ 		read_sbuf(f,file->link,l);
--- a/net/rsync/patches/patch-io_c
+++ b/net/rsync/patches/patch-io_c
@ -0,0 +1,117 @@
+$OpenBSD: patch-io_c,v 1.1 2002/01/24 23:25:32 naddy Exp $
+--- io.c.orig	Fri Nov 30 01:21:08 2001
+++ io.c	Thu Jan 24 23:35:43 2002
+@@ -49,7 +49,7 @@ int kludge_around_eof = False;
+ 
+ static int io_error_fd = -1;
+ 
+-static void read_loop(int fd, char *buf, int len);
+static void read_loop(int fd, char *buf, size_t len);
+ 
+ static void check_timeout(void)
+ {
+@@ -163,7 +163,7 @@ static void die_from_readerr (int err)
+  * give a better explanation.  We can tell whether the connection has
+  * started by looking e.g. at whether the remote version is known yet.
+  */
+-static int read_timeout (int fd, char *buf, int len)
+static int read_timeout (int fd, char *buf, size_t len)
+ {
+ 	int n, ret=0;
+ 
+@@ -236,7 +236,7 @@ static int read_timeout (int fd, char *b
+ 
+ /*! Continue trying to read len bytes - don't return until len has
+   been read.   */
+-static void read_loop (int fd, char *buf, int len)
+static void read_loop (int fd, char *buf, size_t len)
+ {
+ 	while (len) {
+ 		int n = read_timeout(fd, buf, len);
+@@ -253,7 +253,7 @@ static void read_loop (int fd, char *buf
+  * 
+  * Never returns <= 0. 
+  */
+-static int read_unbuffered(int fd, char *buf, int len)
+static int read_unbuffered(int fd, char *buf, size_t len)
+ {
+ 	static int remaining;
+ 	int tag, ret=0;
+@@ -305,7 +305,7 @@ static int read_unbuffered(int fd, char 
+ 
+ /* do a buffered read from fd. don't return until all N bytes
+    have been read. If all N can't be read then exit with an error */
+-static void readfd (int fd, char *buffer, int N)
+static void readfd (int fd, char *buffer, size_t N)
+ {
+ 	int  ret;
+ 	int total=0;  
+@@ -356,12 +356,12 @@ int64 read_longint(int f)
+ 	return ret;
+ }
+ 
+-void read_buf(int f,char *buf,int len)
+void read_buf(int f,char *buf,size_t len)
+ {
+ 	readfd(f,buf,len);
+ }
+ 
+-void read_sbuf(int f,char *buf,int len)
+void read_sbuf(int f,char *buf,size_t len)
+ {
+ 	read_buf (f,buf,len);
+ 	buf[len] = 0;
+@@ -375,7 +375,7 @@ unsigned char read_byte(int f)
+ }
+ 
+ /* write len bytes to fd */
+-static void writefd_unbuffered(int fd,char *buf,int len)
+static void writefd_unbuffered(int fd,char *buf,size_t len)
+ {
+ 	int total = 0;
+ 	fd_set w_fds, r_fds;
+@@ -483,7 +483,7 @@ void io_start_buffering(int fd)
+ 
+ /* write an message to a multiplexed stream. If this fails then rsync
+    exits */
+-static void mplex_write(int fd, enum logcode code, char *buf, int len)
+static void mplex_write(int fd, enum logcode code, char *buf, size_t len)
+ {
+ 	char buffer[4096];
+ 	int n = len;
+@@ -533,7 +533,7 @@ void io_end_buffering(int fd)
+ 	}
+ }
+ 
+-static void writefd(int fd,char *buf,int len)
+static void writefd(int fd,char *buf,size_t len)
+ {
+ 	stats.total_written += len;
+ 
+@@ -587,7 +587,7 @@ void write_longint(int f, int64 x)
+ 	writefd(f,b,8);
+ }
+ 
+-void write_buf(int f,char *buf,int len)
+void write_buf(int f,char *buf,size_t len)
+ {
+ 	writefd(f,buf,len);
+ }
+@@ -606,7 +606,7 @@ void write_byte(int f,unsigned char c)
+ 
+ 
+ 
+-int read_line(int f, char *buf, int maxlen)
+int read_line(int f, char *buf, size_t maxlen)
+ {
+ 	while (maxlen) {
+ 		buf[0] = 0;
+@@ -664,7 +664,7 @@ void io_start_multiplex_in(int fd)
+ }
+ 
+ /* write an message to the multiplexed error stream */
+-int io_multiplex_write(enum logcode code, char *buf, int len)
+int io_multiplex_write(enum logcode code, char *buf, size_t len)
+ {
+ 	if (!io_multiplexing_out) return 0;
+ 
--- a/net/rsync/patches/patch-log_c
+++ b/net/rsync/patches/patch-log_c
@ -0,0 +1,12 @@
+$OpenBSD: patch-log_c,v 1.1 2002/01/24 23:25:32 naddy Exp $
+--- log.c.orig	Fri Nov 30 01:21:08 2001
+++ log.c	Thu Jan 24 23:35:43 2002
+@@ -466,7 +466,7 @@ static void log_formatted(enum logcode c
+ 
+ 		l = strlen(n);
+ 
+-		if ((l-1) + ((int)(s - &buf[0])) > sizeof(buf)) {
+		if (l + ((int)(s - &buf[0])) >= sizeof(buf)) {
+ 			rprintf(FERROR,"buffer overflow expanding %%%c - exiting\n",
+ 				p[0]);
+ 			exit_cleanup(RERR_MESSAGEIO);
--- a/net/rsync/patches/patch-proto_h
+++ b/net/rsync/patches/patch-proto_h
@ -0,0 +1,65 @@
+$OpenBSD: patch-proto_h,v 1.1 2002/01/24 23:25:32 naddy Exp $
+--- proto.h.orig	Fri Nov 30 01:21:09 2001
+++ proto.h	Thu Jan 24 23:35:43 2002
+@@ -15,10 +15,12 @@ int read_batch_flist_file(char *buff, in
+ unsigned char read_batch_flags();
+ void read_batch_flist_info(struct file_struct **fptr);
+ void write_batch_csums_file(char *buff, int bytes_to_write);
+-void close_batch_csums_file() ;
+-void write_batch_csum_info(int *flist_entry, int flist_count, struct sum_struct *s);
+void close_batch_csums_file();
+void write_batch_csum_info(int *flist_entry, int flist_count,
+			   struct sum_struct *s);
+ int read_batch_csums_file(char *buff, int len);
+-void read_batch_csum_info(int flist_entry, struct sum_struct *s, int *checksums_match);
+void read_batch_csum_info(int flist_entry, struct sum_struct *s,
+			  int *checksums_match);
+ void write_batch_delta_file(char *buff, int bytes_to_write);
+ void close_batch_delta_file();
+ int read_batch_delta_file(char *buff, int len);
+@@ -55,7 +57,7 @@ void add_exclude_line(char *p);
+ void add_include_line(char *p);
+ void add_cvs_excludes(void);
+ int sparse_end(int f);
+-int write_file(int f,char *buf,int len);
+int write_file(int f,char *buf,size_t len);
+ struct map_struct *map_file(int fd,OFF_T len);
+ char *map_ptr(struct map_struct *map,OFF_T offset,int len);
+ void unmap_file(struct map_struct *map);
+@@ -81,21 +83,21 @@ void do_hard_links(struct file_list *fli
+ void io_set_error_fd(int fd);
+ int32 read_int(int f);
+ int64 read_longint(int f);
+-void read_buf(int f,char *buf,int len);
+-void read_sbuf(int f,char *buf,int len);
+void read_buf(int f,char *buf,size_t len);
+void read_sbuf(int f,char *buf,size_t len);
+ unsigned char read_byte(int f);
+ void io_start_buffering(int fd);
+ void io_flush(void);
+ void io_end_buffering(int fd);
+ void write_int(int f,int32 x);
+ void write_longint(int f, int64 x);
+-void write_buf(int f,char *buf,int len);
+void write_buf(int f,char *buf,size_t len);
+ void write_byte(int f,unsigned char c);
+-int read_line(int f, char *buf, int maxlen);
+int read_line(int f, char *buf, size_t maxlen);
+ void io_printf(int fd, const char *format, ...);
+ void io_start_multiplex_out(int fd);
+ void io_start_multiplex_in(int fd);
+-int io_multiplex_write(enum logcode code, char *buf, int len);
+int io_multiplex_write(enum logcode code, char *buf, size_t len);
+ void io_multiplexing_close(void);
+ char *lp_motd_file(void);
+ char *lp_log_file(void);
+@@ -166,6 +168,9 @@ int set_perms(char *fname,struct file_st
+ void sig_int(void);
+ void finish_transfer(char *fname, char *fnametmp, struct file_struct *file);
+ void send_files(struct file_list *flist,int f_out,int f_in);
+int try_bind_local(int s,
+		   int ai_family, int ai_socktype,
+		   const char *bind_address);
+ int open_socket_out(char *host, int port, const char *bind_address,
+ 		    int af_hint);
+ int open_socket_out_wrapped (char *host,
--- a/net/rsync/patches/patch-receiver_c
+++ b/net/rsync/patches/patch-receiver_c
@ -0,0 +1,13 @@
+$OpenBSD: patch-receiver_c,v 1.1 2002/01/24 23:25:32 naddy Exp $
+--- receiver.c.orig	Fri Nov 30 01:21:09 2001
+++ receiver.c	Thu Jan 24 23:35:43 2002
+@@ -206,7 +206,8 @@ static int get_tmpname(char *fnametmp, c
+ static int receive_data(int f_in,struct map_struct *buf,int fd,char *fname,
+ 			OFF_T total_size)
+ {
+-	int i,n,remainder,len,count;
+	int i;
+	unsigned int n,remainder,len,count;
+ 	OFF_T offset = 0;
+ 	OFF_T offset2;
+ 	char *data;
--- a/net/rsync/patches/patch-rsync_h
+++ b/net/rsync/patches/patch-rsync_h
@ -0,0 +1,16 @@
+$OpenBSD: patch-rsync_h,v 1.1 2002/01/24 23:25:32 naddy Exp $
+--- rsync.h.orig	Thu Jan  3 08:09:36 2002
+++ rsync.h	Thu Jan 24 23:35:43 2002
+@@ -343,9 +343,9 @@ struct sum_buf {
+ 
+ struct sum_struct {
+   OFF_T flength;		/* total file length */
+-  int count;			/* how many chunks */
+-  int remainder;		/* flength % block_length */
+-  int n;			/* block_length */
+  size_t count;			/* how many chunks */
+  size_t remainder;		/* flength % block_length */
+  size_t n;			/* block_length */
+   struct sum_buf *sums;		/* points to info for each chunk */
+ };
+ 
--- a/net/rsync/patches/patch-util_c
+++ b/net/rsync/patches/patch-util_c
@ -0,0 +1,26 @@
+$OpenBSD: patch-util_c,v 1.1 2002/01/24 23:25:32 naddy Exp $
+--- util.c.orig	Thu Jan  3 08:09:38 2002
+++ util.c	Thu Jan 24 23:35:43 2002
+@@ -275,7 +275,7 @@ int create_directory_path(char *fname)
+ 
+    derived from GNU C's cccp.c.
+ */
+-static int full_write(int desc, char *ptr, int len)
+static int full_write(int desc, char *ptr, size_t len)
+ {
+ 	int total_written;
+ 	
+@@ -301,11 +301,11 @@ static int full_write(int desc, char *pt
+    for an error.  
+ 
+    derived from GNU C's cccp.c. */
+-static int safe_read(int desc, char *ptr, int len)
+static int safe_read(int desc, char *ptr, size_t len)
+ {
+ 	int n_chars;
+  
+-	if (len <= 0)
+	if (len == 0)
+ 		return len;
+  
+ #ifdef EINTR