Accepting request 546255 from home:pmonrealgonzalez:branches:network

- Security fix [bsc#1066644, CVE-2017-16548] * Missing trailing '\0' character check could lead to remote DoS * Added rsync-CVE-2017-16548.patch OBS-URL: https://build.opensuse.org/request/show/546255 OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=61
2017-11-28 17:10:20 +00:00 · 2017-11-28 17:10:20 +00:00 · 41fcebecad
commit 41fcebecad
parent 89aa0785d4
3 changed files with 37 additions and 0 deletions
--- a/rsync-CVE-2017-16548.patch
+++ b/rsync-CVE-2017-16548.patch
@ -0,0 +1,27 @@
+From 47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayned@samba.org>
+Date: Sun, 5 Nov 2017 11:33:15 -0800
+Subject: [PATCH 1/1] Enforce trailing \0 when receiving xattr name values.
+ Fixes bug 13112.
+
+---
+ xattrs.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/xattrs.c b/xattrs.c
+index 68305d7..4867e6f 100644
+--- a/xattrs.c
+++ b/xattrs.c
+@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file)
+ 			out_of_memory("receive_xattr");
+ 		name = ptr + dget_len + extra_len;
+ 		read_buf(f, name, name_len);
+		if (name_len < 1 || name[name_len-1] != '\0') {
+			rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n");
+			exit_cleanup(RERR_FILEIO);
+		}
+ 		if (dget_len == datum_len)
+ 			read_buf(f, ptr, dget_len);
+ 		else {
+-- 
+1.9.1
--- a/rsync.changes
+++ b/rsync.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Nov 28 16:18:45 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Security fix [bsc#1066644, CVE-2017-16548]
+  * Missing trailing '\0' character check could lead to remote DoS
+  * Added rsync-CVE-2017-16548.patch
+
 -------------------------------------------------------------------
 Tue Jul 25 11:55:53 UTC 2017 - tchvatal@suse.com

--- a/rsync.spec
+++ b/rsync.spec
@ -40,6 +40,8 @@ Patch0:         rsync-no-libattr.patch
 #PATCH-FIX-SUSE boo#922710 slp
 Patch1:         rsync-add_back_use_slp_directive.patch
 Patch2:         rsync-both-compressions.patch
+#PATCH-FIX-UPSTREAM CVE-2017-16548 bsc#1066644 Missing trailing '\0' check could lead to remote DoS
+Patch3:         rsync-CVE-2017-16548.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libacl-devel
@ -73,6 +75,7 @@ patch -p1 < patches/slp.diff
 patch -p1 < patches/time-limit.diff
 %patch0 -p1
 %patch2 -p1
+%patch3 -p1

 %build
 autoreconf -fiv