mirror/rsync
1
0
Fork 0
mirror of https://github.com/RsyncProject/rsync.git synced 2026-05-30 17:58:10 -04:00
Code Issues Packages Projects Releases Wiki Activity
7,413 Commits 8 Branches 175 Tags
36860669cceaa2ca7cc84367d1fb8a3655560300
Commit Graph

162 Commits

Author SHA1 Message Date
Andrew Tridgell
36860669cc socket: reject over-long proxy response line 
fixes a one byte stack overflow when using RSYNC_PROXY with a
malicious proxy.

Reach: only when RSYNC_PROXY is set and a malicious or MITM'd
proxy returns the pathological response.  The byte written is
always '\0' and the attacker doesn't choose the offset, so impact
is corruption of one adjacent stack byte and possible later
misbehaviour or crash -- no information disclosure beyond the
existing rprintf of buffer contents.

Reported by Aisle Research via Michal Ruprich
 2026-05-15 12:01:21 +10:00
Wayne Davison
11eb67eec9 Some memory allocation improvements 
- All the memory-allocation macros now auto-check for failure and exit
   with a failure message that incudes the caller's file and lineno
   info.  This includes strdup().

 - Added the `--max-alloc=SIZE` option to be able to override the memory
   allocator's sanity-check limit.  It defaults to 1G (as before).
   Fixes bugzilla bug 12769.
 2020-06-25 20:54:21 -07:00
Wayne Davison
e63ff70eae Some indentation fixes. 2020-06-13 19:15:02 -07:00
Wayne Davison
b177311aee Use a lock to not fail on a left-over pid file. 2020-06-04 19:08:03 -07:00
Wayne Davison
f5446552f3 Silence gcc7.1 warnings about snprintf(). 2020-05-29 14:18:08 -07:00
Wayne Davison
3ba4db7030 Two more spelling fixes and some year updates. 2020-04-16 09:31:02 -07:00
Wayne Davison
3e2e4b5a33 Tweak the copyright year. 2019-03-16 09:15:49 -07:00
Wayne Davison
5df9847f06 Allow some pre-/post-xfer exec shell restrictions. 
Support both RSYNC_SHELL & RSYNC_NO_XFER_EXEC environment variables.
 2018-03-25 11:02:50 -07:00
Wayne Davison
473108ae6e Tweak copyright date. 2018-01-14 19:55:07 -08:00
Wayne Davison
453914e35b Update the copyright year. 2015-08-08 12:47:03 -07:00
Wayne Davison
23afe20780 Brant Gurganus's autoconf updates. 
This improves some obsolete autoconf macros and increases the minimum
autoconf version from 2.60 to 2.69.  Fixes bug 11369.
 2015-07-07 10:37:12 -07:00
Wayne Davison
dfa5b49110 Bump the year to 2014. 2014-01-26 09:29:15 -08:00
Wayne Davison
7e1a9c4d79 Update copyright year. 2013-01-19 11:05:53 -08:00
Wayne Davison
fb0d4403f0 Fix misplaced parens on getnameinfo() call. 2011-08-06 11:21:40 -07:00
Wayne Davison
0a77adee0b Fix Minix build errors. Fixes bug 8313. 2011-07-22 11:17:57 -07:00
Wayne Davison
0a04a80d9f Replace another inet_ntop() call with getnameinfo(). 2011-07-16 16:16:04 -07:00
Wayne Davison
7ae666d2a7 Add more connect debug info, as Carlos suggested. 2011-07-12 16:02:31 -07:00
Wayne Davison
fbf4c261f4 Move freeaddrinfo() call after failure-reporting loop. 2011-07-11 18:15:51 -07:00
Wayne Davison
050e5334d8 Added "listen backlog" daemon config paramater. 2011-01-03 19:42:27 -08:00
Wayne Davison
1c99b1d956 Report all socket connection errors if we fail. 
Fixes bug 6588.
 2011-01-01 14:00:40 -08:00
Wayne Davison
292a5c2b72 Fix a couple socketpair_tcp() issues (see bug 7514). 2010-06-19 09:39:55 -07:00
Matt McCutchen
bb499bd7a0 Handle simultaneous arrival of multiple connections. 2009-01-13 09:42:54 -08:00
Wayne Davison
b3bf9b9df9 Update the copyright year. 2009-01-03 10:57:14 -08:00
Wayne Davison
9411292489 Fixed a bunch of "warn_unused_result" compiler warnings. 2008-11-09 18:56:21 -08:00
Wayne Davison
5dd14f0c33 Split up the ifuncs.h file into 3 .h files. 2008-09-01 19:11:36 -07:00
Wayne Davison
951e826b75 Added the --info=FLAGS an --debug=FLAGS options, which allows 
fine-grained output control (in addition to the coarse -v).
 2008-07-13 20:51:08 -07:00
Wayne Davison
1c3e6e8b26 Moved the setting of the socket options before the connect(). 2008-04-15 08:34:17 -07:00
Wayne Davison
d3d07a5e86 Include 2008 in the copyright years. 2008-03-01 12:01:41 -08:00
Wayne Davison
ba22c9e219 Adding --contimeout=SECONDS option. 2007-11-28 00:28:26 -08:00
Wayne Davison
5621e5105a Moved become_daemon() into clientserver.c. 2007-09-30 06:57:12 +00:00
Wayne Davison
1b42f628f4 Moved inline functions from rsync.h into ifuncs.h. 2007-09-22 16:52:58 +00:00
Wayne Davison
4eff3051a0 Fixed a null-pointer dereference pointed out by Olivier Thauvin. 2007-08-16 01:22:46 +00:00
Wayne Davison
e5f1a96ff8 Added support for a %H escape in the value of the RSYNC_CONNECT_PROG 
environment variable.
 2007-08-11 16:20:56 +00:00
Wayne Davison
8e41b68e8f Tweaking the license text a bit more. 2007-07-10 13:55:49 +00:00
Wayne Davison
4fd842f98d Switching to GPL 3. 2007-07-07 05:33:14 +00:00
Wayne Davison
332cf6df7c The --iconv option has now made it to the trunk. 2007-04-26 05:53:13 +00:00
Wayne Davison
ba2133d6ad Further modifications to the copyright comment section. 2007-02-04 14:54:58 +00:00
Wayne Davison
2dc7b8bd0e Got rid of type-casting into isFOO() and toFOO() functions by 
using static inline functions that take a signed char pointer.
 2006-11-09 02:39:29 +00:00
Wayne Davison
0f5c1c193a Need to include netinet/tcp.h to get TCP_NODELAY defined. 2006-10-31 19:21:57 +00:00
Wayne Davison
e7c67065c0 Updated the FSF's address to an even newer one. 2006-04-25 23:51:12 +00:00
Wayne Davison
0f78b81511 - Updated the address for the FSF in the opening comment. 
- Standardized the format of the opening comment, including adding a
  brief description of what's in the file for those that lacked it.
- Added some missing copyright lines.
- Some minor whitespace tweaks (in a few of the files).
 2006-04-25 20:23:34 +00:00
Wayne Davison
5899b8cf3e Moved the include of netinet/ip.h here along with its apparent 
prerequisite, netinet/in_systm.h .
 2006-04-11 00:48:28 +00:00
Wayne Davison
e2d774cdd7 Improved the bind()-failure message to mention what family failed. 2006-04-02 21:15:37 +00:00
Wayne Davison
5c6d46329b If open_socket_in() fails, we now log the reasons why. 2006-03-22 17:48:59 +00:00
Wayne Davison
8030b28ff8 Make extra sure that authbuf can't overflow. 2006-03-07 08:46:29 +00:00
Wayne Davison
6854bf69a8 Call base4_encode() with "1" for its new "pad" arg so that the 
Proxy-Authorization header is properly padded with trailing '='
chars.
 2006-03-06 18:22:26 +00:00
Wayne Davison
44e604f416 Simplified the conditional prior to the SIGACTION code. 2006-02-03 18:46:38 +00:00
Wayne Davison
2b28968dfb Call SIGACTION() instead of signal(). 2006-02-02 02:39:25 +00:00
Wayne Davison
86fc7e6880 Got rid of a superfluous newline. 2005-11-10 16:47:52 +00:00
Wayne Davison
8ee6adefe3 Call logfile_close() and logfile_reopen() (tweaked function names). 2005-04-14 16:08:12 +00:00