Angel Yankov
04926b0b74
* Added rsync-CVE-2024-12747.patch - Security update, fix multiple vulnerabilities: * CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links * CVE-2024-12088, bsc#1234104 - --safe-links Bypass * Added rsync-CVE-2024-12084-overflow-01.patch * Added rsync-CVE-2024-12084-overflow-02.patch * Added rsync-CVE-2024-12085.patch * Added rsync-CVE-2024-12086_01.patch * Added rsync-CVE-2024-12086_02.patch * Added rsync-CVE-2024-12086_03.patch * Added rsync-CVE-2024-12086_04.patch * Added rsync-CVE-2024-12087_01.patch * Added rsync-CVE-2024-12087_02.patch * Added rsync-CVE-2024-12088.patch OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=129
29 lines
855 B
Diff
29 lines
855 B
Diff
From b3e16be18d582dac1513c0a932d146b36e867b1b Mon Sep 17 00:00:00 2001
|
|
From: Andrew Tridgell <andrew@tridgell.net>
|
|
Date: Tue, 26 Nov 2024 16:12:45 +1100
|
|
Subject: [PATCH 2/2] range check dir_ndx before use
|
|
|
|
---
|
|
flist.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/flist.c b/flist.c
|
|
index 847b1054..087f9da6 100644
|
|
--- a/flist.c
|
|
+++ b/flist.c
|
|
@@ -2585,6 +2585,10 @@ struct file_list *recv_file_list(int f, int dir_ndx)
|
|
#endif
|
|
|
|
if (inc_recurse && dir_ndx >= 0) {
|
|
+ if (dir_ndx >= dir_flist->used) {
|
|
+ rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used);
|
|
+ exit_cleanup(RERR_PROTOCOL);
|
|
+ }
|
|
struct file_struct *file = dir_flist->files[dir_ndx];
|
|
if (file->flags & FLAG_GOT_DIR_FLIST) {
|
|
rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);
|
|
--
|
|
2.34.1
|
|
|
|
|