Angel Yankov
04926b0b74
* Added rsync-CVE-2024-12747.patch - Security update, fix multiple vulnerabilities: * CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links * CVE-2024-12088, bsc#1234104 - --safe-links Bypass * Added rsync-CVE-2024-12084-overflow-01.patch * Added rsync-CVE-2024-12084-overflow-02.patch * Added rsync-CVE-2024-12085.patch * Added rsync-CVE-2024-12086_01.patch * Added rsync-CVE-2024-12086_02.patch * Added rsync-CVE-2024-12086_03.patch * Added rsync-CVE-2024-12086_04.patch * Added rsync-CVE-2024-12087_01.patch * Added rsync-CVE-2024-12087_02.patch * Added rsync-CVE-2024-12088.patch OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=129
29 lines
731 B
Diff
29 lines
731 B
Diff
From cf620065502f065d4ea44f5df4f81295a738aa21 Mon Sep 17 00:00:00 2001
|
|
From: Andrew Tridgell <andrew@tridgell.net>
|
|
Date: Thu, 14 Nov 2024 09:57:08 +1100
|
|
Subject: [PATCH] prevent information leak off the stack
|
|
|
|
prevent leak of uninitialised stack data in hash_search
|
|
---
|
|
match.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/match.c b/match.c
|
|
index 36e78ed2..dfd6af2c 100644
|
|
--- a/match.c
|
|
+++ b/match.c
|
|
@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s,
|
|
int more;
|
|
schar *map;
|
|
|
|
+ // prevent possible memory leaks
|
|
+ memset(sum2, 0, sizeof sum2);
|
|
+
|
|
/* want_i is used to encourage adjacent matches, allowing the RLL
|
|
* coding of the output to work more efficiently. */
|
|
want_i = 0;
|
|
--
|
|
2.34.1
|
|
|
|
|