222f5d35e7
- Security fix: Ignore --protect-args when already sent by client [bsc#1076503, CVE-2018-5764] * Added patch rsync-3.1.2-CVE-2018-5764.patch OBS-URL: https://build.opensuse.org/request/show/567409 OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=65
39 lines
1.4 KiB
Diff
39 lines
1.4 KiB
Diff
From 7706303828fcde524222babb2833864a4bd09e07 Mon Sep 17 00:00:00 2001
|
|
From: Jeriko One <jeriko.one@gmx.us>
|
|
Date: Mon, 20 Nov 2017 14:42:30 -0800
|
|
Subject: [PATCH 1/1] Ignore --protect-args when already sent by client
|
|
|
|
In parse_arguments when --protect-args is encountered the function exits
|
|
early. The caller is expected to check protect_args, and recall
|
|
parse_arguments setting protect_args to 2. This patch prevents the
|
|
client from resetting protect_args during the second pass of
|
|
parse_arguments. This prevents parse_arguments returning early the
|
|
second time before it's able to sanitize the arguments it received.
|
|
---
|
|
options.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
Index: rsync-3.1.2/options.c
|
|
===================================================================
|
|
--- rsync-3.1.2.orig/options.c
|
|
+++ rsync-3.1.2/options.c
|
|
@@ -1304,6 +1304,7 @@ int parse_arguments(int *argc_p, const c
|
|
const char *arg, **argv = *argv_p;
|
|
int argc = *argc_p;
|
|
int opt;
|
|
+ int orig_protect_args = protect_args;
|
|
|
|
if (ref && *ref)
|
|
set_refuse_options(ref);
|
|
@@ -1933,6 +1934,10 @@ int parse_arguments(int *argc_p, const c
|
|
if (fuzzy_basis > 1)
|
|
fuzzy_basis = basis_dir_cnt + 1;
|
|
|
|
+ /* Don't let the client reset protect_args if it was already processed */
|
|
+ if (orig_protect_args == 2 && am_server)
|
|
+ protect_args = orig_protect_args;
|
|
+
|
|
if (protect_args == 1 && am_server)
|
|
return 1;
|
|
|