From 41fcebecad5b9af633d6589665c8ce8aeb2a4a932c83f3f824ed29532b6122aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Tue, 28 Nov 2017 17:10:20 +0000 Subject: [PATCH] Accepting request 546255 from home:pmonrealgonzalez:branches:network - Security fix [bsc#1066644, CVE-2017-16548] * Missing trailing '\0' character check could lead to remote DoS * Added rsync-CVE-2017-16548.patch OBS-URL: https://build.opensuse.org/request/show/546255 OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=61 --- rsync-CVE-2017-16548.patch | 27 +++++++++++++++++++++++++++ rsync.changes | 7 +++++++ rsync.spec | 3 +++ 3 files changed, 37 insertions(+) create mode 100644 rsync-CVE-2017-16548.patch diff --git a/rsync-CVE-2017-16548.patch b/rsync-CVE-2017-16548.patch new file mode 100644 index 0000000..bd449ee --- /dev/null +++ b/rsync-CVE-2017-16548.patch @@ -0,0 +1,27 @@ +From 47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Sun, 5 Nov 2017 11:33:15 -0800 +Subject: [PATCH 1/1] Enforce trailing \0 when receiving xattr name values. + Fixes bug 13112. + +--- + xattrs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/xattrs.c b/xattrs.c +index 68305d7..4867e6f 100644 +--- a/xattrs.c ++++ b/xattrs.c +@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file) + out_of_memory("receive_xattr"); + name = ptr + dget_len + extra_len; + read_buf(f, name, name_len); ++ if (name_len < 1 || name[name_len-1] != '\0') { ++ rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n"); ++ exit_cleanup(RERR_FILEIO); ++ } + if (dget_len == datum_len) + read_buf(f, ptr, dget_len); + else { +-- +1.9.1 diff --git a/rsync.changes b/rsync.changes index 9e07243..d45559f 100644 --- a/rsync.changes +++ b/rsync.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Nov 28 16:18:45 UTC 2017 - pmonrealgonzalez@suse.com + +- Security fix [bsc#1066644, CVE-2017-16548] + * Missing trailing '\0' character check could lead to remote DoS + * Added rsync-CVE-2017-16548.patch + ------------------------------------------------------------------- Tue Jul 25 11:55:53 UTC 2017 - tchvatal@suse.com diff --git a/rsync.spec b/rsync.spec index d9284ce..b760832 100644 --- a/rsync.spec +++ b/rsync.spec @@ -40,6 +40,8 @@ Patch0: rsync-no-libattr.patch #PATCH-FIX-SUSE boo#922710 slp Patch1: rsync-add_back_use_slp_directive.patch Patch2: rsync-both-compressions.patch +#PATCH-FIX-UPSTREAM CVE-2017-16548 bsc#1066644 Missing trailing '\0' check could lead to remote DoS +Patch3: rsync-CVE-2017-16548.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libacl-devel @@ -73,6 +75,7 @@ patch -p1 < patches/slp.diff patch -p1 < patches/time-limit.diff %patch0 -p1 %patch2 -p1 +%patch3 -p1 %build autoreconf -fiv