Accepting request 567409 from home:pmonrealgonzalez:branches:network

- Security fix: Ignore --protect-args when already sent by client [bsc#1076503, CVE-2018-5764] * Added patch rsync-3.1.2-CVE-2018-5764.patch OBS-URL: https://build.opensuse.org/request/show/567409 OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=65
2018-01-18 12:28:08 +00:00 · 2018-01-18 12:28:08 +00:00 · 222f5d35e7
commit 222f5d35e7
parent 76fa06662a
3 changed files with 48 additions and 0 deletions
--- a/rsync-3.1.2-CVE-2018-5764.patch
+++ b/rsync-3.1.2-CVE-2018-5764.patch
@ -0,0 +1,38 @@
+From 7706303828fcde524222babb2833864a4bd09e07 Mon Sep 17 00:00:00 2001
+From: Jeriko One <jeriko.one@gmx.us>
+Date: Mon, 20 Nov 2017 14:42:30 -0800
+Subject: [PATCH 1/1] Ignore --protect-args when already sent by client
+
+In parse_arguments when --protect-args is encountered the function exits
+early. The caller is expected to check protect_args, and recall
+parse_arguments setting protect_args to 2. This patch prevents the
+client from resetting protect_args during the second pass of
+parse_arguments. This prevents parse_arguments returning early the
+second time before it's able to sanitize the arguments it received.
+---
+ options.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+Index: rsync-3.1.2/options.c
+===================================================================
+--- rsync-3.1.2.orig/options.c
+++ rsync-3.1.2/options.c
+@@ -1304,6 +1304,7 @@ int parse_arguments(int *argc_p, const c
+ 	const char *arg, **argv = *argv_p;
+ 	int argc = *argc_p;
+ 	int opt;
+	int orig_protect_args = protect_args;
+ 
+ 	if (ref && *ref)
+ 		set_refuse_options(ref);
+@@ -1933,6 +1934,10 @@ int parse_arguments(int *argc_p, const c
+ 	if (fuzzy_basis > 1)
+ 		fuzzy_basis = basis_dir_cnt + 1;
+ 
+	/* Don't let the client reset protect_args if it was already processed */
+	if (orig_protect_args == 2 && am_server)
+	   protect_args = orig_protect_args;
+
+ 	if (protect_args == 1 && am_server)
+ 		return 1;
+ 
--- a/rsync.changes
+++ b/rsync.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jan 18 12:13:48 UTC 2018 - pmonrealgonzalez@suse.com
+
+- Security fix: Ignore --protect-args when already sent by client
+  [bsc#1076503, CVE-2018-5764]
+  * Added patch rsync-3.1.2-CVE-2018-5764.patch
+
 -------------------------------------------------------------------
 Tue Jan  9 17:07:12 UTC 2018 - pmonrealgonzalez@suse.com

--- a/rsync.spec
+++ b/rsync.spec
@ -45,6 +45,8 @@ Patch3:         rsync-CVE-2017-16548.patch
 #PATCH-FIX-UPSTREAM bcs#1062063 rsync doesn't stop on errors
 Patch4:         rsync-send_error_to_sender.patch
 Patch5:         rsync-avoid-uploading-after-error.patch
+#PATCH-FIX-UPSTREAM bcs#1076503 CVE-2018-5764 parse_arguments function does not prevent multiple --protect-arg
+Patch6:         rsync-3.1.2-CVE-2018-5764.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libacl-devel
@ -81,6 +83,7 @@ patch -p1 < patches/time-limit.diff
 %patch3 -p1
 %patch4
 %patch5
+%patch6 -p1

 %build
 autoreconf -fiv