rsync/rsync-CVE-2024-12086_01.patch

From 3feb8669d875d03c9ceb82e208ef40ddda8eb908 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <andrew@tridgell.net>
Date: Sat, 23 Nov 2024 11:08:03 +1100
Subject: [PATCH 1/4] refuse fuzzy options when fuzzy not selected

this prevents a malicious server providing a file to compare to when
the user has not given the fuzzy option
---
 receiver.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/receiver.c b/receiver.c
index 6b4b369e..2d7f6033 100644
--- a/receiver.c
+++ b/receiver.c
@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN];
 extern struct file_list *cur_flist, *first_flist, *dir_flist;
 extern filter_rule_list daemon_filter_list;
 extern OFF_T preallocated_len;
+extern int fuzzy_basis;
 
 extern struct name_num_item *xfer_sum_nni;
 extern int xfer_sum_len;
@@ -716,6 +717,10 @@ int recv_files(int f_in, int f_out, char *local_name)
 				fnamecmp = get_backup_name(fname);
 				break;
 			case FNAMECMP_FUZZY:
+				if (fuzzy_basis == 0) {
+					rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname);
+					exit_cleanup(RERR_PROTOCOL);
+				}
 				if (file->dirname) {
 					pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname);
 					fnamecmp = fnamecmpbuf;
-- 
2.34.1
- Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links * Added rsync-CVE-2024-12747.patch - Security update, fix multiple vulnerabilities: * CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links * CVE-2024-12088, bsc#1234104 - --safe-links Bypass * Added rsync-CVE-2024-12084-overflow-01.patch * Added rsync-CVE-2024-12084-overflow-02.patch * Added rsync-CVE-2024-12085.patch * Added rsync-CVE-2024-12086_01.patch * Added rsync-CVE-2024-12086_02.patch * Added rsync-CVE-2024-12086_03.patch * Added rsync-CVE-2024-12086_04.patch * Added rsync-CVE-2024-12087_01.patch * Added rsync-CVE-2024-12087_02.patch * Added rsync-CVE-2024-12088.patch OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=129 2025-01-15 08:07:45 +00:00			`From 3feb8669d875d03c9ceb82e208ef40ddda8eb908 Mon Sep 17 00:00:00 2001`
			`From: Andrew Tridgell <andrew@tridgell.net>`
			`Date: Sat, 23 Nov 2024 11:08:03 +1100`
			`Subject: [PATCH 1/4] refuse fuzzy options when fuzzy not selected`

			`this prevents a malicious server providing a file to compare to when`
			`the user has not given the fuzzy option`
			`---`
			`receiver.c \| 5 +++++`
			`1 file changed, 5 insertions(+)`

			`diff --git a/receiver.c b/receiver.c`
			`index 6b4b369e..2d7f6033 100644`
			`--- a/receiver.c`
			`+++ b/receiver.c`
			`@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN];`
			`extern struct file_list cur_flist, first_flist, *dir_flist;`
			`extern filter_rule_list daemon_filter_list;`
			`extern OFF_T preallocated_len;`
			`+extern int fuzzy_basis;`

			`extern struct name_num_item *xfer_sum_nni;`
			`extern int xfer_sum_len;`
			`@@ -716,6 +717,10 @@ int recv_files(int f_in, int f_out, char *local_name)`
			`fnamecmp = get_backup_name(fname);`
			`break;`
			`case FNAMECMP_FUZZY:`
			`+ if (fuzzy_basis == 0) {`
			`+ rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname);`
			`+ exit_cleanup(RERR_PROTOCOL);`
			`+ }`
			`if (file->dirname) {`
			`pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname);`
			`fnamecmp = fnamecmpbuf;`
			`--`
			`2.34.1`