packages/rsync
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix overflow of sum2 buffer for sha1 rolling checksums.

Browse Source 
(cherry picked from commit 0003436db88b21aa28294ae174ef678d824bf17f)
This commit is contained in:
Wenhua Huang 2024-07-11 14:17:07 +08:00 committed by openeuler-sync-bot
parent 1ea9bd5be7
commit 2dc07284c9
2 changed files with 62 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
backport-Fix-overflow-of-sum2-buffer-for-sha1-rolling-checksu.patch Normal file
View File

@ -0,0 +1,53 @@
From 0f599d3641bd197ff01f5182fad33169aa46a055 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayne@opencoder.net>
Date: Sat, 22 Apr 2023 08:49:48 -0700
Subject: [PATCH 1/1] Fix overflow of sum2 buffer for sha1 rolling checksums.
Fixed #353.
---
checksum.c | 1 +
generator.c | 2 +-
match.c | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/checksum.c b/checksum.c
index c6007f36..cd741d1b 100644
--- a/checksum.c
+++ b/checksum.c
@@ -300,6 +300,7 @@ uint32 get_checksum1(char *buf1, int32 len)
}
#endif
+/* The "sum" buffer must be at least MAX_DIGEST_LEN bytes! */
void get_checksum2(char *buf, int32 len, char *sum)
{
#ifdef USE_OPENSSL
diff --git a/generator.c b/generator.c
index 21c4a595..557769e6 100644
--- a/generator.c
+++ b/generator.c
@@ -783,7 +783,7 @@ static int generate_and_send_sums(int fd, OFF_T len, int f_out, int f_copy)
for (i = 0; i < sum.count; i++) {
int32 n1 = (int32)MIN(len, (OFF_T)sum.blength);
char *map = map_ptr(mapbuf, offset, n1);
- char sum2[SUM_LENGTH];
+ char sum2[MAX_DIGEST_LEN];
uint32 sum1;
len -= n1;
diff --git a/match.c b/match.c
index 6243994c..192b154a 100644
--- a/match.c
+++ b/match.c
@@ -142,7 +142,7 @@ static void hash_search(int f,struct sum_struct *s,
{
OFF_T offset, aligned_offset, end;
int32 k, want_i, aligned_i, backup;
- char sum2[SUM_LENGTH];
+ char sum2[MAX_DIGEST_LEN];
uint32 s1, s2, sum;
int more;
schar *map;
--
2.25.1

10
rsync.spec
View File

@ -1,6 +1,6 @@
Name: rsync Name: rsync
Version: 3.2.7 Version: 3.2.7
Release: 3 Release: 4
Summary: Fast incremental file transfer utility Summary: Fast incremental file transfer utility
License: GPL-3.0-or-later License: GPL-3.0-or-later
URL: http://rsync.samba.org/ URL: http://rsync.samba.org/
@ -11,6 +11,8 @@ Source3: rsyncd.conf
Source4: rsyncd.sysconfig Source4: rsyncd.sysconfig
Source5: rsyncd@.service Source5: rsyncd@.service
patch1: backport-Fix-overflow-of-sum2-buffer-for-sha1-rolling-checksu.patch
BuildRequires: git gcc systemd libacl-devel libattr-devel autoconf popt-devel BuildRequires: git gcc systemd libacl-devel libattr-devel autoconf popt-devel
BuildRequires: lz4-devel openssl-devel libzstd-devel BuildRequires: lz4-devel openssl-devel libzstd-devel
Provides: bundled(zlib) = 1.2.8 rsync-daemon Provides: bundled(zlib) = 1.2.8 rsync-daemon
@ -84,6 +86,12 @@ install -D -m644 %{SOURCE5} %{buildroot}/%{_unitdir}/rsyncd@.service
%{_mandir}/man5/rsyncd.conf.5* %{_mandir}/man5/rsyncd.conf.5*
%changelog %changelog
* Thu Jul 11 2024 Wenhua Huang <huangwenhua@kylinos.cn> - 3.2.7-4
- Type: bugfix
- CVE:NA
- SUG:NA
- DESC: Fix overflow of sum2 buffer for sha1 rolling checksums.
* Thu Feb 22 2024 Xiaoya Huang <huangxiaoya@iscas.ac.cn> - 3.2.7-3 * Thu Feb 22 2024 Xiaoya Huang <huangxiaoya@iscas.ac.cn> - 3.2.7-3
- Type: enhencement - Type: enhencement
- CVE: - CVE: