https://bugzilla.samba.org/show_bug.cgi?id=7869
------- Comment #5 from p...@debian.org 2010-12-15 15:14 CST -------
(In reply to comment #3)
> I see what is happening.  options.c:1496:
>
>     backup_dir_remainder = sizeof backup_dir_buf - backup_dir_len;
>     if (backup_dir_remainder < 32) {
>         snprintf(err_buf, sizeof err_buf,
>             "the --backup-dir path is WAY too long.\n");
>         return 0;
>     }
>
> But backup_dir_remainder is unsigned, so the subtraction overflows and the
> error message does not trip.

I would have expected strlcpy() to limit the return value to the bufsize passed
as last argument, but at least the lib/compat.c version doesn't, and
contradicts the comments there in doing so ("@return index of the terminating
byte").

If it had done that, it would have limited the result of the subtraction to
>= 0.
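
The failure mode discussed in this thread, as an added example that is not part of the original comments or of rsync's source: a length check done after an unsigned subtraction, next to a form that compares before subtracting. `demo_strlcpy` is a stand-in with BSD `strlcpy` return semantics (it returns `strlen(src)`), and `BUF_SIZE`, `check_unsigned` and `check_hardened` are hypothetical names and values chosen for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64      /* constructed size, not rsync's real buffer size */
#define MIN_REMAINDER 32 /* threshold used in the quoted check */

/* Stand-in with BSD strlcpy semantics: returns strlen(src) even if truncated. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Shape of the quoted check: 1 = path accepted, 0 = rejected as too long. */
int check_unsigned(const char *path)
{
    char buf[BUF_SIZE];
    size_t len = demo_strlcpy(buf, path, sizeof buf);
    size_t remainder = sizeof buf - len; /* wraps to a huge value if len > sizeof buf */
    return remainder < MIN_REMAINDER ? 0 : 1;
}

/* Compare before subtracting, so the subtraction can never wrap. */
int check_hardened(const char *path)
{
    char buf[BUF_SIZE];
    size_t len = demo_strlcpy(buf, path, sizeof buf);
    if (len >= sizeof buf)
        return 0;
    return (sizeof buf - len < MIN_REMAINDER) ? 0 : 1;
}

int main(void)
{
    char path[101];              /* constructed 100-byte path */
    memset(path, 'a', 100);
    path[100] = '\0';
    printf("unsigned=%d hardened=%d\n", check_unsigned(path), check_hardened(path));
    return 0;
}
```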