rsync buffer overflow issue The receive_xattr() function creates a buffer by adding two integer variables together without verifying the resultant sum hasn't caused an integer overflow. The fix, which is a patch of a patch is here: http://cvs.samba.org/cgi-bin/cvsweb/rsync/patches/xattrs.diff.diff?r1=1.23&r2=1.24 Only the last few lines matter for this patch, the rest is the result of making a minor modification in a patch.