pool/rsync
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rsync/rsync-CVE-2024-12084-overflow-02.patch
Angel Yankov 04926b0b74 - Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links 
* Added rsync-CVE-2024-12747.patch

- Security update, fix multiple vulnerabilities:
  * CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing
  * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR
  * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files
  * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links
  * CVE-2024-12088, bsc#1234104 - --safe-links Bypass
  * Added rsync-CVE-2024-12084-overflow-01.patch
  * Added rsync-CVE-2024-12084-overflow-02.patch
  * Added rsync-CVE-2024-12085.patch
  * Added rsync-CVE-2024-12086_01.patch
  * Added rsync-CVE-2024-12086_02.patch
  * Added rsync-CVE-2024-12086_03.patch
  * Added rsync-CVE-2024-12086_04.patch
  * Added rsync-CVE-2024-12087_01.patch
  * Added rsync-CVE-2024-12087_02.patch
  * Added rsync-CVE-2024-12088.patch

OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=129
2025-01-15 08:07:45 +00:00

41 lines
1.2 KiB
Diff
Raw Blame History

From 42e2b56c4ede3ab164f9a5c6dae02aa84606a6c1 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayne@opencoder.net>
Date: Tue, 5 Nov 2024 11:01:03 -0800
Subject: [PATCH 2/2] Another cast when multiplying integers.
---
rsync.h | 2 +-
sender.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rsync.h b/rsync.h
index 8ddbe702..0f9e277f 100644
--- a/rsync.h
+++ b/rsync.h
@@ -982,7 +982,7 @@ struct map_struct {
int status; /* first errno from read errors */
};
-#define sum2_at(s, i) ((s)->sum2_array + ((OFF_T)(i) * xfer_sum_len))
+#define sum2_at(s, i) ((s)->sum2_array + ((size_t)(i) * xfer_sum_len))
#define NAME_IS_FILE (0) /* filter name as a file */
#define NAME_IS_DIR (1<<0) /* filter name as a dir */
diff --git a/sender.c b/sender.c
index ab205341..2bbff2fa 100644
--- a/sender.c
+++ b/sender.c
@@ -95,7 +95,7 @@ static struct sum_struct *receive_sums(int f)
return(s);
s->sums = new_array(struct sum_buf, s->count);
- s->sum2_array = new_array(char, s->count * xfer_sum_len);
+ s->sum2_array = new_array(char, (size_t)s->count * xfer_sum_len);
for (i = 0; i < s->count; i++) {
s->sums[i].sum1 = read_int(f);
--
2.34.1
Reference in New Issue View Git Blame Copy Permalink