From 0b61dfd18ee9cb33f158d53c4f8bfbb7f41b3590 Mon Sep 17 00:00:00 2001 From: Eric Bollengier Date: Fri, 5 Aug 2022 09:52:28 +0200 Subject: [PATCH] Fix org#2655 About incorrect definition of MAX_FOPTS This triggers a stack buffer overflow bug in send_fileset. The problem is that dird/fd_cmds.c includes findlib/find.h, which contains a definition of MAX_FOPTS: Thanks to Larry and Martin. --- bacula/src/baconfig.h | 8 ++++++++ bacula/src/dird/dird_conf.h | 4 ---- bacula/src/findlib/find.h | 8 -------- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/bacula/src/baconfig.h b/bacula/src/baconfig.h index 9aaed0eae..291e5ac0a 100644 --- a/bacula/src/baconfig.h +++ b/bacula/src/baconfig.h @@ -186,6 +186,14 @@ void InitWinAPIWrapper(); /* Use the following for strings not to be translated */ #define NT_(s) (s) +/* Maximum number of fileset options + * FileSet definitions very similar to the resource + * contained in the Director because the components + * of the structure are passed by the Director to the + * File daemon and recompiled back into this structure + */ +#define MAX_FOPTS 50 + /* This should go away! ****FIXME***** */ #define MAXSTRING 500 diff --git a/bacula/src/dird/dird_conf.h b/bacula/src/dird/dird_conf.h index 1042e3647..cfce7e9e4 100644 --- a/bacula/src/dird/dird_conf.h +++ b/bacula/src/dird/dird_conf.h @@ -566,10 +566,6 @@ enum { INC_KW_MAX /* Keep this last */ }; - -#undef MAX_FOPTS -#define MAX_FOPTS 50 - /* File options structure */ struct FOPTS { char opts[MAX_FOPTS]; /* options string */ diff --git a/bacula/src/findlib/find.h b/bacula/src/findlib/find.h index 79ca579ab..1b118bb2b 100644 --- a/bacula/src/findlib/find.h +++ b/bacula/src/findlib/find.h @@ -78,14 +78,6 @@ struct s_excluded_file { char fname[1]; }; -/* FileSet definitions very similar to the resource - * contained in the Director because the components - * of the structure are passed by the Director to the - * File daemon and recompiled back into this structure - */ -#undef MAX_FOPTS -#define MAX_FOPTS 30 - enum { state_none, state_options, -- 2.47.3