[29099] trunk/dports/net/rsync

Fri Sep 14 21:30:07 PDT 2007

Revision: 29099
          http://trac.macosforge.org/projects/macports/changeset/29099
Author:   takanori at macports.org
Date:     2007-09-14 21:30:06 -0700 (Fri, 14 Sep 2007)

Log Message:
-----------
Fixed multiple off-by-one errors in sender.c. (CVE-2007-4091)
Ticket:	       		  #12616

Modified Paths:
--------------
    trunk/dports/net/rsync/Portfile

Added Paths:
-----------
    trunk/dports/net/rsync/files/rsync-2.6.9-fname-obo.diff

Modified: trunk/dports/net/rsync/Portfile
===================================================================

--- trunk/dports/net/rsync/Portfile	2007-09-15 02:25:11 UTC (rev 29098)
+++ trunk/dports/net/rsync/Portfile	2007-09-15 04:30:06 UTC (rev 29099)
@@ -4,6 +4,7 @@
 
 name			rsync
 version			2.6.9
+revision		1
 categories		net
 platforms		darwin freebsd sunos
 maintainers		mww at macports.org
@@ -22,9 +23,12 @@
 				ftp://ftp.sunet.se/pub/unix/admin/rsync/  \
 				ftp://ftp.fu-berlin.de/pub/unix/network/rsync/
 checksums		sha1 341618e230ea2e0e551d0ccf06f840d4f824c843
+patchfiles		rsync-2.6.9-fname-obo.diff
 
 depends_lib		port:popt
 
+patch.pre_args		-p1
+
 configure.args	--mandir=${prefix}/share/man \
 				--with-rsyncd-conf=${prefix}/etc/rsyncd.conf \
 				--enable-ipv6

Added: trunk/dports/net/rsync/files/rsync-2.6.9-fname-obo.diff
===================================================================
--- trunk/dports/net/rsync/files/rsync-2.6.9-fname-obo.diff	                        (rev 0)
+++ trunk/dports/net/rsync/files/rsync-2.6.9-fname-obo.diff	2007-09-15 04:30:06 UTC (rev 29099)
@@ -0,0 +1,60 @@
+--- rsync-2.6.9.orig/sender.c	2006-09-20 03:53:32.000000000 +0200
++++ rsync-2.6.9/sender.c	2007-07-25 15:33:05.000000000 +0200
+@@ -123,6 +123,7 @@
+ 	char fname[MAXPATHLEN];
+ 	struct file_struct *file;
+ 	unsigned int offset;
++	size_t l = 0;
+ 
+ 	if (ndx < 0 || ndx >= the_file_list->count)
+ 		return;
+@@ -133,6 +134,20 @@
+ 				    file->dir.root, "/", NULL);
+ 	} else
+ 		offset = 0;
++
++	l = offset + 1;
++	if (file) {
++		if (file->dirname)
++			l += strlen(file->dirname);
++		if (file->basename)
++			l += strlen(file->basename);
++	}
++
++	if (l >= sizeof(fname)) {
++		rprintf(FERROR, "Overlong pathname\n");
++		exit_cleanup(RERR_FILESELECT);
++	}
++
+ 	f_name(file, fname + offset);
+ 	if (remove_source_files) {
+ 		if (do_unlink(fname) == 0) {
+@@ -224,6 +239,7 @@
+ 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
+ 	int f_xfer = write_batch < 0 ? batch_fd : f_out;
+ 	int i, j;
++	size_t l = 0;
+ 
+ 	if (verbose > 2)
+ 		rprintf(FINFO, "send_files starting\n");
+@@ -259,6 +275,20 @@
+ 				fname[offset++] = '/';
+ 		} else
+ 			offset = 0;
++
++		l = offset + 1;
++		if (file) {
++			if (file->dirname)
++				l += strlen(file->dirname);
++			if (file->basename)
++				l += strlen(file->basename);
++		}
++
++		if (l >= sizeof(fname)) {
++			rprintf(FERROR, "Overlong pathname\n");
++			exit_cleanup(RERR_FILESELECT);
++		}
++
+ 		fname2 = f_name(file, fname + offset);
+ 
+ 		if (verbose > 2)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/macports-changes/attachments/20070914/994defc2/attachment.html
