From 672223241345ea620823895c45e4491d5633ddf33af7fbed53ed211712b66f66 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 15 Aug 2007 19:56:39 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsync?expand=0&rev=6 --- rsync-overlong.patch | 60 ++++++++++++++++++++++++++++++++++++++++++++ rsync.changes | 5 ++++ rsync.spec | 8 ++++-- 3 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 rsync-overlong.patch diff --git a/rsync-overlong.patch b/rsync-overlong.patch new file mode 100644 index 0000000..dda0dd9 --- /dev/null +++ b/rsync-overlong.patch @@ -0,0 +1,60 @@ +--- rsync-2.6.9.orig/sender.c 2006-09-20 03:53:32.000000000 +0200 ++++ rsync-2.6.9/sender.c 2007-07-25 15:33:05.000000000 +0200 +@@ -123,6 +123,7 @@ + char fname[MAXPATHLEN]; + struct file_struct *file; + unsigned int offset; ++ size_t l = 0; + + if (ndx < 0 || ndx >= the_file_list->count) + return; +@@ -133,6 +134,20 @@ + file->dir.root, "/", NULL); + } else + offset = 0; ++ ++ l = offset + 1; ++ if (file) { ++ if (file->dirname) ++ l += strlen(file->dirname); ++ if (file->basename) ++ l += strlen(file->basename); ++ } ++ ++ if (l >= sizeof(fname)) { ++ rprintf(FERROR, "Overlong pathname\n"); ++ exit_cleanup(RERR_FILESELECT); ++ } ++ + f_name(file, fname + offset); + if (remove_source_files) { + if (do_unlink(fname) == 0) { +@@ -224,6 +239,7 @@ + enum logcode log_code = log_before_transfer ? FLOG : FINFO; + int f_xfer = write_batch < 0 ? batch_fd : f_out; + int i, j; ++ size_t l = 0; + + if (verbose > 2) + rprintf(FINFO, "send_files starting\n"); +@@ -259,6 +275,20 @@ + fname[offset++] = '/'; + } else + offset = 0; ++ ++ l = offset + 1; ++ if (file) { ++ if (file->dirname) ++ l += strlen(file->dirname); ++ if (file->basename) ++ l += strlen(file->basename); ++ } ++ ++ if (l >= sizeof(fname)) { ++ rprintf(FERROR, "Overlong pathname\n"); ++ exit_cleanup(RERR_FILESELECT); ++ } ++ + fname2 = f_name(file, fname + offset); + + if (verbose > 2) diff --git a/rsync.changes b/rsync.changes index 50573e2..51c6041 100644 --- a/rsync.changes +++ b/rsync.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Aug 2 13:52:28 CEST 2007 - ro@suse.de + +- protect from overlong filenames (#294073) CVE-2007-4091 + ------------------------------------------------------------------- Mon May 14 12:50:38 CEST 2007 - mrueckert@suse.de diff --git a/rsync.spec b/rsync.spec index 39285d9..44f7dd7 100644 --- a/rsync.spec +++ b/rsync.spec @@ -18,12 +18,12 @@ BuildRequires: texlive-latex BuildRequires: te_ams te_latex %endif BuildRequires: popt-devel zlib-devel -License: GNU General Public License (GPL) +License: GPL v2 or later Group: Productivity/Networking/Other PreReq: %fillup_prereq %insserv_prereq Autoreqprov: on Version: 2.6.9 -Release: 7 +Release: 33 Summary: Replacement for RCP/mirror that has Many More Features Source: samba.org/ftp/rsync/rsync-%{version}.tar.bz2 Source1: logrotate.rsync @@ -34,6 +34,7 @@ Source5: rsyncd.secrets Patch1: slp-fix.diff Patch2: slp.diff Patch3: system-zlib.diff +Patch4: rsync-overlong.patch URL: http://rsync.samba.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build %define with_system_zlib 0 @@ -69,6 +70,7 @@ cp configure.orig configure #patch -p1 < patches/slp.diff %patch2 -p1 %patch1 +%patch4 -p1 cp configure.orig configure %build @@ -134,6 +136,8 @@ ln -sf ../../etc/init.d/rsyncd $RPM_BUILD_ROOT/usr/sbin/rcrsyncd %doc COPYING NEWS README tech_report.ps tech_report.tex %changelog +* Thu Aug 02 2007 - ro@suse.de +- protect from overlong filenames (#294073) CVE-2007-4091 * Mon May 14 2007 - mrueckert@suse.de - make build work on older distros again. * Tue May 08 2007 - dmueller@suse.de