Update to 2.6.2: various bug fixes and minor enhancements.

SECURITY:
Paths sent to an rsync daemon are more thoroughly sanitized when
chroot is not used.  If you're running a non-read-only rsync daemon
with chroot disabled, *please upgrade*, especially if the user privs
you run rsync under is anything above "nobody".
This commit is contained in:
naddy 2004-05-11 13:39:17 +00:00
parent d85068ea88
commit ff588261ab
4 changed files with 9 additions and 214 deletions

View File

@ -1,8 +1,8 @@
# $OpenBSD: Makefile,v 1.40 2003/12/04 17:54:17 espie Exp $
# $OpenBSD: Makefile,v 1.41 2004/05/11 13:39:17 naddy Exp $
COMMENT= "mirroring/synchronization over low bandwidth links"
DISTNAME= rsync-2.5.7
DISTNAME= rsync-2.6.2
CATEGORIES= net
HOMEPAGE= http://rsync.samba.org/
@ -19,16 +19,13 @@ MASTER_SITES= ftp://ftp.samba.org/pub/rsync/ \
http://ftp.samba.org/ftp/rsync/ \
ftp://ftp.funet.fi/pub/mirrors/rsync.samba.org/pub/rsync/
SEPARATE_BUILD= concurrent
CONFIGURE_STYLE= gnu
CONFIGURE_ARGS= --with-included-popt \
--with-rsh=ssh
SEPARATE_BUILD= simple
CONFIGURE_STYLE=gnu
CONFIGURE_ARGS= --with-included-popt \
--with-rsyncd-conf="${SYSCONFDIR}/rsyncd.conf"
DOCDIR= ${PREFIX}/share/doc/rsync
post-patch:
@perl -pi -e 's,/etc,${SYSCONFDIR},g' ${WRKSRC}/rsync.h
do-install:
${INSTALL_DATA_DIR} ${DOCDIR}
${INSTALL_PROGRAM} ${WRKBUILD}/rsync ${PREFIX}/bin

View File

@ -1,3 +1,3 @@
MD5 (rsync-2.5.7.tar.gz) = 9b3ec929091d7849f42b973247918a55
RMD160 (rsync-2.5.7.tar.gz) = ec5ee4d579c68b08fe4c1dc88014866942207ece
SHA1 (rsync-2.5.7.tar.gz) = a2b186cfa4da1f8634e896e3ed2914cbd3bcd1f4
MD5 (rsync-2.6.2.tar.gz) = bcacd9a9108a9e4760832212ec3d658d
RMD160 (rsync-2.6.2.tar.gz) = 3b11b2525589896a98547843791baa484a887fa6
SHA1 (rsync-2.6.2.tar.gz) = 0262108be42883c394865a447ffa32f5407ebf3f

View File

@ -1,25 +0,0 @@
$OpenBSD: patch-rsync_h,v 1.5 2003/12/04 17:54:17 espie Exp $
--- rsync.h.orig 2003-12-04 05:23:30.000000000 +0100
+++ rsync.h 2003-12-04 09:32:51.000000000 +0100
@@ -114,10 +114,6 @@ enum logcode {FNONE=0, FERROR=1, FINFO=2
#include <string.h>
#endif
-#ifdef HAVE_MALLOC_H
-#include <malloc.h>
-#endif
-
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
@@ -184,10 +180,6 @@ enum logcode {FNONE=0, FERROR=1, FINFO=2
#include <glob.h>
#endif
-#ifdef HAVE_MALLOC_H
-# include <malloc.h>
-#endif
-
/* these are needed for the uid/gid mapping code */
#include <pwd.h>
#include <grp.h>

View File

@ -1,177 +0,0 @@
$OpenBSD: patch-socket_c,v 1.2 2003/12/04 17:54:17 espie Exp $
--- socket.c.orig 2003-01-27 04:35:09.000000000 +0100
+++ socket.c 2003-12-04 09:44:06.000000000 +0100
@@ -292,11 +292,11 @@ int open_socket_out_wrapped (char *host,
* @param bind_address Local address to bind, or NULL to allow it to
* default.
**/
-static int open_socket_in(int type, int port, const char *bind_address,
- int af_hint)
+static int *open_socket_in(int type, int port, const char *bind_address,
+ int af_hint)
{
int one=1;
- int s;
+ int *s, *socks, maxs;
struct addrinfo hints, *all_ai, *resp;
char portbuf[10];
int error;
@@ -310,41 +310,65 @@ static int open_socket_in(int type, int
if (error) {
rprintf(FERROR, RSYNC_NAME ": getaddrinfo: bind address %s: %s\n",
bind_address, gai_strerror(error));
- return -1;
+ return NULL;
+ }
+
+ /* Count max number of sockets we may open */
+ for (maxs = 0, resp = all_ai; resp; resp = resp->ai_next, maxs++)
+ ;
+ socks = new_array(int, maxs + 1);
+ if (!socks) {
+ rprintf(FERROR,
+ RSYNC_NAME "couldn't allocate memory for sockets");
+ return NULL;
}
/* We may not be able to create the socket, if for example the
* machine knows about IPv6 in the C library, but not in the
* kernel. */
+ *socks = 0; /* num of sockets counter at start of array */
+ s = socks + 1;
for (resp = all_ai; resp; resp = resp->ai_next) {
- s = socket(resp->ai_family, resp->ai_socktype,
+ *s = socket(resp->ai_family, resp->ai_socktype,
resp->ai_protocol);
- if (s == -1)
+ if (*s == -1)
/* See if there's another address that will work... */
continue;
- setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+ setsockopt(*s, SOL_SOCKET, SO_REUSEADDR,
(char *)&one, sizeof one);
+#ifdef IPV6_V6ONLY
+ if (resp->ai_family == AF_INET6)
+ setsockopt(*s, IPPROTO_IPV6, IPV6_V6ONLY,
+ (char *)&one, sizeof one);
+#endif
+
/* now we've got a socket - we need to bind it */
- if (bind(s, all_ai->ai_addr, all_ai->ai_addrlen) < 0) {
+ if (bind(*s, resp->ai_addr, resp->ai_addrlen) < 0) {
/* Nope, try another */
- close(s);
+ close(*s);
continue;
}
- freeaddrinfo(all_ai);
- return s;
+ (*socks)++;
+ s++;
}
- rprintf(FERROR, RSYNC_NAME ": open inbound socket on port %d failed: "
- "%s\n",
- port,
- strerror(errno));
+ if (all_ai)
+ freeaddrinfo(all_ai);
- freeaddrinfo(all_ai);
- return -1;
+ if (*socks == 0) {
+ rprintf(FERROR,
+ RSYNC_NAME ": open inbound socket on port %d failed: "
+ "%s\n",
+ port,
+ strerror(errno));
+ free(socks);
+ return NULL;
+ }
+ return socks;
}
@@ -376,19 +400,29 @@ int is_a_socket(int fd)
void start_accept_loop(int port, int (*fn)(int, int))
{
- int s;
+ fd_set deffds;
+ int *s, maxfd, i, j;
extern char *bind_address;
extern int default_af_hint;
/* open an incoming socket */
s = open_socket_in(SOCK_STREAM, port, bind_address, default_af_hint);
- if (s == -1)
+ if (s == NULL)
exit_cleanup(RERR_SOCKETIO);
/* ready to listen */
- if (listen(s, 5) == -1) {
- close(s);
- exit_cleanup(RERR_SOCKETIO);
+ FD_ZERO(&deffds);
+ maxfd = -1;
+ for (i = 1; i <= *s; i++) {
+ if (listen(s[i], 5) == -1) {
+ for (j = 1; j <= i; j++)
+ close(s[j]);
+ free(s);
+ exit_cleanup(RERR_SOCKETIO);
+ }
+ FD_SET(s[i], &deffds);
+ if (maxfd < s[i])
+ maxfd = s[i];
}
@@ -406,16 +440,20 @@ void start_accept_loop(int port, int (*f
forever */
log_close();
- FD_ZERO(&fds);
- FD_SET(s, &fds);
+ FD_COPY(&deffds, &fds);
- if (select(s+1, &fds, NULL, NULL, NULL) != 1) {
+ if (select(maxfd + 1, &fds, NULL, NULL, NULL) != 1) {
continue;
}
- if(!FD_ISSET(s, &fds)) continue;
-
- fd = accept(s,(struct sockaddr *)&addr,&addrlen);
+ fd = -1;
+ for (i = 1; i <= *s; i++) {
+ if (FD_ISSET(s[i], &fds)) {
+ fd = accept(s[i], (struct sockaddr *)&addr,
+ &addrlen);
+ break;
+ }
+ }
if (fd == -1) continue;
@@ -430,7 +468,7 @@ void start_accept_loop(int port, int (*f
if ((pid = fork()) == 0) {
int ret;
- close(s);
+ close(s[i]);
/* open log file in child before possibly giving
up privileges */
log_open();
@@ -452,6 +490,7 @@ void start_accept_loop(int port, int (*f
close(fd);
}
}
+ free(s);
}