From langd@leo.org  Fri Mar  1 12:31:57 2002
Return-Path: <langd@leo.org>
Received: from mailout.informatik.tu-muenchen.de (mailout.informatik.tu-muenchen.de [131.159.0.5])
	by hub.freebsd.org (Postfix) with ESMTP id 28AF837B402
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  1 Mar 2002 12:31:56 -0800 (PST)
Received: from mail.leo.org (atleo2.leo.org [131.159.72.4])
	by mailout.informatik.tu-muenchen.de (Postfix) with SMTP id E54B86173
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  1 Mar 2002 21:31:54 +0100 (MET)
Received: (qmail 66349 invoked from network); 1 Mar 2002 20:31:54 -0000
Received: from atleo5.leo.org (postfix@131.159.72.36)
  by mail.leo.org with SMTP; 1 Mar 2002 20:31:54 -0000
Received: by atleo5.leo.org (Postfix, from userid 20455)
	id 9D80E22E54; Fri,  1 Mar 2002 21:31:54 +0100 (CET)
Message-Id: <20020301203154.9D80E22E54@atleo5.leo.org>
Date: Fri,  1 Mar 2002 21:31:54 +0100 (CET)
From: Daniel Lang <langd@leo.org>
Reply-To: Daniel Lang <langd@leo.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: patch to rsync-2.5.2
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         35462
>Category:       ports
>Synopsis:       patch to rsync-2.5.2
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    obrien
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 01 12:40:01 PST 2002
>Closed-Date:    Tue Apr 02 07:31:14 PST 2002
>Last-Modified:  Tue Apr 02 07:31:14 PST 2002
>Originator:     Daniel Lang
>Release:        FreeBSD 4.5-STABLE i386
>Organization:
LEO
>Environment:
System: FreeBSD atleo5.leo.org 4.5-STABLE FreeBSD 4.5-STABLE #3: Tue Feb 5 14:43:14 CET 2002 root@:/usr/obj/usr/src/sys/ATLEO5 i386

>Description:
  There is a serious bug in 2.5.2 that can cause data
  corruption or a crash of rsync in server mode.
  It may not occur on every platform, but I guess it
  should be included anyway. The fix was done by the
  NetBSD team, and I just used their patch from pkgsrc.

>How-To-Repeat:
  -
>Fix:

--- match.c.orig	Fri Jan 25 23:07:34 2002
+++ match.c	Wed Feb 27 03:38:46 2002
@@ -246,8 +246,11 @@
 		   match. The 3 reads are caused by the
 		   running match, the checksum update and the
 		   literal send. */
-		if (offset-last_match >= CHUNK_SIZE+s->n && 
-		    (end-offset > CHUNK_SIZE)) {
+		/* NOTE: If we just matched a block, then offset<last_match
+		   (by 1).  The arithmetic here must be ordered so that type
+		   promotions (s->n is unsigned) do not cause a false match. */
+		if (offset >= last_match+CHUNK_SIZE+s->n && 
+		    end > offset+CHUNK_SIZE) {
 			matched(f,s,buf,offset - s->n, -2);
 		}
 	} while (++offset < end);
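Review bot: the rewritten test "offset >= last_match+CHUNK_SIZE+s->n" still depends on implicit conversion of the unsigned s->n, and the hunk does not show how offset, last_match and end are declared. If they are no wider than s->n, the sum and the comparison are both done in unsigned arithmetic, which gives the intended result only while offset and last_match are non-negative. The unchanged call "matched(f,s,buf,offset - s->n, -2)" also subtracts the unsigned value and is safe only because the new guard implies offset >= s->n. Consider converting s->n once to the signed offset type and using that value in both the condition and the matched() argument, so the result does not vary with the platform's type widths. Minor: the added line ending in "&& " carries trailing whitespace.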
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports->obrien 
Responsible-Changed-By: petef 
Responsible-Changed-When: Fri Mar 1 14:46:10 PST 2002 
Responsible-Changed-Why:  
Over to maintainer 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35462 
State-Changed-From-To: open->closed 
State-Changed-By: ijliao 
State-Changed-When: Tue Apr 2 07:30:33 PST 2002 
State-Changed-Why:  
rsync is 2.5.5 now, and I think the problem is solved :) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=35462 
>Unformatted:
