From: Wayne Davison <wayned@samba.org>
Date: Fri, 13 Oct 2006 01:22:48 +0000 (+0000)
Subject: Fixed an infinite loop in parse_rule() when a filter rule is too
X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/commitdiff_plain/969f7ed5b798d429236c8350e417b58172293a7f

Fixed an infinite loop in parse_rule() when a filter rule is too
longer for MAXPATHLEN.  Also fixed a couple spots nearby that were
erroneously treating pointer "cp" as a '\0'-terminated string.
---

diff --git a/exclude.c b/exclude.c
index 38bbd0cb..1541df77 100644
--- a/exclude.c
+++ b/exclude.c
@@ -906,12 +906,14 @@ void parse_rule(struct filter_list_struct *listp, const char *pattern,
 				    &pat_len, &new_mflags);
 		if (!cp)
 			break;
+
+		pattern = cp + pat_len;
+
 		if (pat_len >= MAXPATHLEN) {
-			rprintf(FERROR, "discarding over-long filter: %s\n",
-				cp);
+			rprintf(FERROR, "discarding over-long filter: %.*s\n",
+				pat_len, cp);
 			continue;
 		}
-		pattern = cp + pat_len;
 
 		if (new_mflags & MATCHFLG_CLEAR_LIST) {
 			if (verbose > 2) {
@@ -931,11 +933,9 @@ void parse_rule(struct filter_list_struct *listp, const char *pattern,
 			}
 			len = pat_len;
 			if (new_mflags & MATCHFLG_EXCLUDE_SELF) {
-				const char *name = strrchr(cp, '/');
-				if (name)
-					len -= ++name - cp;
-				else
-					name = cp;
+				const char *name = cp + len;
+				while (name > cp && name[-1] != '/') name--;
+				len -= name - cp;
 				add_rule(listp, name, len, 0, 0);
 				new_mflags &= ~MATCHFLG_EXCLUDE_SELF;
 				len = pat_len;