The Samba-Bugzilla – Attachment 7175 Details for
Bug 8654
link-by-hash: Fix (non-exploitable) buffer overflow
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Improve generation of hash file name
0001-Improve-generation-of-hash-file-name.patch (text/plain), 1.62 KB, created by
Chris Dunlop
on 2011-12-13 02:48:36 UTC
(
hide
)
Description:
Improve generation of hash file name
Filename:
MIME Type:
Creator:
Chris Dunlop
Created:
2011-12-13 02:48:36 UTC
Size:
1.62 KB
patch
obsolete
>From 563f0e4115d0a7c22242d3f45ee2fdb365d82afc Mon Sep 17 00:00:00 2001 >From: Chris Dunlop <chris@onthe.net.au> >Date: Tue, 13 Dec 2011 11:39:33 +1100 >Subject: [PATCH] Improve generation of hash file name > >Use the calculated checksum_len rather than assuming 16 bytes. > >Use assert() to check for buffer overflow > >Use sprintf() rather than hand-rolled binary-to-text. This is not in a >critical performance path. > >Signed-off-by: Chris Dunlop <chris@onthe.net.au> >--- > hashlink.c | 21 +++++++++------------ > 1 files changed, 9 insertions(+), 12 deletions(-) > >diff --git a/hashlink.c b/hashlink.c >index 12cc39b..3f98beb 100644 >--- a/hashlink.c >+++ b/hashlink.c >@@ -21,27 +21,24 @@ > #include "rsync.h" > > extern char *link_by_hash_dir; >+extern int checksum_len; > > #ifdef HAVE_LINK > > char *make_hash_name(struct file_struct *file) > { >- char hash[(MAX_DIGEST_LEN * 2) + 2], *dst; >- uchar c, *src = (uchar*)F_SUM(file); >+ char hash[(MAX_DIGEST_LEN * 2) + 2], *dst = hash; >+ uchar *src = (uchar*)F_SUM(file); > int i; > >- for (dst = hash, i = 0; i < 4; i++, src++) { >- c = *src >> 4; >- *(dst++) = (c >= 10) ? (c - 10 + 'a') : (c + '0'); >- c = *src & 0x0f; >- *(dst++) = (c >= 10) ? (c - 10 + 'a') : (c + '0'); >+ assert((uint)((checksum_len * 2) + 2) <= sizeof(hash)); >+ >+ for (i = 0; i < 4; i++) { >+ dst += sprintf(dst, "%02x", (int)CVAL(src, i)); > } > *dst++ = '/'; >- for (i = 0; i < 12; i++, src++) { >- c = *src >> 4; >- *(dst++) = (c >= 10) ? (c - 10 + 'a') : (c + '0'); >- c = *src & 0x0f; >- *(dst++) = (c >= 10) ? (c - 10 + 'a') : (c + '0'); >+ for ( ; i < checksum_len; i++) { >+ dst += sprintf(dst, "%02x", (int)CVAL(src, i)); > } > *dst = 0; > >-- >1.7.0.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 8654
:
7167
|
7168
|
7169
|
7170
|
7173
|
7174
| 7175 |
7176
|
7177
|
7202