long names gotcha
Tue, 30 Apr 2002 01:22:58 -0700
Content-Type: multipart/mixed; boundary="----- =_aaaaaaaaaa0"
Content-Type: text/plain; charset="us-ascii"
>>>>> "JH" == Jamie Heilman <firstname.lastname@example.org>
>>>>> wrote the following on Tue, 30 Apr 2002 00:29:04 -0700
JH> Lucky me hit another edge case. A new directory was created and
JH> in it a file with a name 242 characters long. rdiff-backup
JH> added 34 characters (.<timestamp>.missing) and then promptly
JH> blew up. This introduces an interesting limitation. And an
JH> even more interesting denial of service attack on multiuser
JH> systems. I'd suggest defanging this by calculating final name
JH> length beforehand and checking it against the system maximum.
JH> For bonus points figure out a way to store the diff meta-data
JH> somewhere other than in the filename I guess.
I guess I always knew of that possibility, but was deep down hoping it
would Never Happen. Anyway, the attached patch should make
rdiff-backup just skip any files whose names are too long. After all,
obviously any file with such a long name couldn't be very important!
Do you know how to get the system maximum by any chance? Or just
i = 1
try: open("a"*i, "w")
except IOError: return i
i += 1
(Just because this is a joke doesn't mean I can actually think of a
Content-Type: text/patch; charset="us-ascii"
--- rdiff-backup Tue Apr 30 01:14:33 2002
+++ rdiff-backup.new Tue Apr 30 01:14:07 2002
@@ -5065,8 +5065,9 @@
5, # Reported by docv (see list)
13, # Permission denied IOError
20, # Means a directory changed to non-dir
- 26] # Requested by Campbell (see list) -
+ 26, # Requested by Campbell (see list) -
# happens on some NT systems
+ 36] # file name too long
Log("Skipping file because of error after %s" %
(dsrp and dsrp.index,), 2)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Exmh version 2.5 01/15/2001
-----END PGP SIGNATURE-----