buffer overflow patches from mhpower@mit.edu (Matt Power)

diff --git a/flist.c b/flist.c
index ef1d098..c59d934 100644 (file)
--- a/flist.c
+++ b/flist.c
@@ -373,14 +373,23 @@ static void send_directory(int f,struct file_list *flist,char *dir)
   fname[MAXPATHLEN-1]=0;
   l = strlen(fname);
   if (fname[l-1] != '/') {
+        if (l == MAXPATHLEN-1) {
+              fprintf(FERROR,"skipping long-named directory %s\n",fname);
+              closedir(d);
+              return;
+        }
          strcat(fname,"/");
          l++;
   }
   p = fname + strlen(fname);
 
   if (cvs_exclude) {
-    strcpy(p,".cvsignore");
-    local_exclude_list = make_exclude_list(fname,NULL,0);
+    if (strlen(fname) + strlen(".cvsignore") <= MAXPATHLEN-1) {
+      strcpy(p,".cvsignore");
+      local_exclude_list = make_exclude_list(fname,NULL,0);
+    } else {
+      fprintf(FERROR,"cannot cvs-exclude in long-named directory %s\n",fname);
+    }
   }  
 
   for (di=readdir(d); di; di=readdir(d)) {

diff --git a/rsync.c b/rsync.c
index 21e416a..6e7f936 100644 (file)
--- a/rsync.c
+++ b/rsync.c
@@ -803,6 +803,11 @@ off_t send_files(struct file_list *flist,int f_out,int f_in)
       if (file->dir) {
        strncpy(fname,file->dir,MAXPATHLEN-1);
        fname[MAXPATHLEN-1] = 0;
+      if (strlen(fname) == MAXPATHLEN-1) {
+        fprintf(FERROR, "send_files failed on long-named directory %s\n",
+                fname);
+        return -1;
+      }
        strcat(fname,"/");
       }
       strncat(fname,file->name,MAXPATHLEN-strlen(fname));