long names gotcha

Ben Escoto bescoto@stanford.edu
Tue, 30 Apr 2002 01:22:58 -0700

Content-Type: multipart/mixed; boundary="----- =_aaaaaaaaaa0"
Content-Id: <14342.1020154971.0@folly.Stanford.EDU>

------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <14342.1020154971.1@folly.Stanford.EDU>

>>>>> "JH" == Jamie Heilman <jamie@audible.transient.net>
>>>>> wrote the following on Tue, 30 Apr 2002 00:29:04 -0700

  JH> Lucky me hit another edge case.  A new directory was created and
  JH> in it a file with a name 242 characters long.  rdiff-backup
  JH> added 34 characters (.<timestamp>.missing) and then promptly
  JH> blew up.  This introduces an interesting limitation.  And an
  JH> even more interesting denial of service attack on multiuser
  JH> systems.  I'd suggest defanging this by calculating final name
  JH> length beforehand and checking it against the system maximum.
  JH> For bonus points figure out a way to store the diff meta-data
  JH> somewhere other than in the filename I guess.

I guess I always knew of that possibility, but was deep down hoping it
would Never Happen.  Anyway, the attached patch should make
rdiff-backup just skip any files whose names are too long.  After all,
obviously any file with such a long name couldn't be very important!

    Do you know how to get the system maximum by any chance?  Or just
do a:

i = 1
while 1:
    try: open("a"*i, "w")
    except IOError: return i
    i += 1

(Just because this is a joke doesn't mean I can actually think of a
better way.)

Ben Escoto

------- =_aaaaaaaaaa0
Content-Type: text/patch; charset="us-ascii"
Content-ID: <14342.1020154971.2@folly.Stanford.EDU>
Content-Description: long-filenames.patch

--- rdiff-backup	Tue Apr 30 01:14:33 2002
+++ rdiff-backup.new	Tue Apr 30 01:14:07 2002
@@ -5065,8 +5065,9 @@
 							 5,  # Reported by docv (see list)
 							 13, # Permission denied IOError
 							 20, # Means a directory changed to non-dir
-							 26] # Requested by Campbell (see list) -
+							 26, # Requested by Campbell (see list) -
                                  # happens on some NT systems
+							 36] # file name too long
 				Log("Skipping file because of error after %s" %
 					(dsrp and dsrp.index,), 2)

------- =_aaaaaaaaaa0--

Content-Type: application/pgp-signature

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Exmh version 2.5 01/15/2001