rpm/rsync
SHA256
1
0
Fork 0
forked from pool/rsync
Code Pull Requests Activity
a9c55393ff
rsync/rsync-equivalent_of_CVE-2014-8242.patch
Ismail Dönmez e31576eaae Accepting request 336730 from home:vitezslav_cizek:branches:network 
- add a compatibility flag to avoid checksum collisions (bsc#900914)
  * fixes rsync equivalent of librsync's CVE-2014-8242
  * added rsync-equivalent_of_CVE-2014-8242.patch
- modify rsync-add_back_use_slp_directive.patch

OBS-URL: https://build.opensuse.org/request/show/336730
OBS-URL: https://build.opensuse.org/package/show/network/rsync?expand=0&rev=47
2015-10-06 18:06:09 +00:00

96 lines
3.3 KiB
Diff
Raw Blame History

From eac858085e3ac94ec0ab5061d11f52652c90a869 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayned@samba.org>
Date: Mon, 11 May 2015 12:36:20 -0700
Subject: [PATCH] Add compat flag to allow proper seed checksum order. Fixes
the equivalent of librsync's CVE-2014-8242 issue.
---
checksum.c | 17 +++++++++++++----
compat.c | 5 +++++
options.c | 1 +
3 files changed, 19 insertions(+), 4 deletions(-)
Index: rsync-3.1.1/checksum.c
===================================================================
--- rsync-3.1.1.orig/checksum.c 2015-10-06 11:18:33.293065513 +0200
+++ rsync-3.1.1/checksum.c 2015-10-06 11:18:34.382078657 +0200
@@ -23,6 +23,7 @@
extern int checksum_seed;
extern int protocol_version;
+extern int proper_seed_order;
/*
a simple 32 bit checksum that can be upadted from either end
@@ -54,10 +55,18 @@ void get_checksum2(char *buf, int32 len,
if (protocol_version >= 30) {
uchar seedbuf[4];
md5_begin(&m);
- md5_update(&m, (uchar *)buf, len);
- if (checksum_seed) {
- SIVALu(seedbuf, 0, checksum_seed);
- md5_update(&m, seedbuf, 4);
+ if (proper_seed_order) {
+ if (checksum_seed) {
+ SIVALu(seedbuf, 0, checksum_seed);
+ md5_update(&m, seedbuf, 4);
+ }
+ md5_update(&m, (uchar *)buf, len);
+ } else {
+ md5_update(&m, (uchar *)buf, len);
+ if (checksum_seed) {
+ SIVALu(seedbuf, 0, checksum_seed);
+ md5_update(&m, seedbuf, 4);
+ }
}
md5_result(&m, (uchar *)sum);
} else {
Index: rsync-3.1.1/compat.c
===================================================================
--- rsync-3.1.1.orig/compat.c 2015-10-06 11:18:33.293065513 +0200
+++ rsync-3.1.1/compat.c 2015-10-06 11:18:34.383078669 +0200
@@ -27,6 +27,7 @@ int inc_recurse = 0;
int compat_flags = 0;
int use_safe_inc_flist = 0;
int want_xattr_optim = 0;
+int proper_seed_order = 0;
extern int am_server;
extern int am_sender;
@@ -78,6 +79,7 @@ int filesfrom_convert = 0;
#define CF_SYMLINK_ICONV (1<<2)
#define CF_SAFE_FLIST (1<<3)
#define CF_AVOID_XATTR_OPTIM (1<<4)
+#define CF_CHKSUM_SEED_FIX (1<<5)
static const char *client_info;
@@ -257,12 +259,15 @@ void setup_protocol(int f_out,int f_in)
compat_flags |= CF_SAFE_FLIST;
if (local_server || strchr(client_info, 'x') != NULL)
compat_flags |= CF_AVOID_XATTR_OPTIM;
+ if (local_server || strchr(client_info, 'C') != NULL)
+ compat_flags |= CF_CHKSUM_SEED_FIX;
write_byte(f_out, compat_flags);
} else
compat_flags = read_byte(f_in);
/* The inc_recurse var MUST be set to 0 or 1. */
inc_recurse = compat_flags & CF_INC_RECURSE ? 1 : 0;
want_xattr_optim = protocol_version >= 31 && !(compat_flags & CF_AVOID_XATTR_OPTIM);
+ proper_seed_order = compat_flags & CF_CHKSUM_SEED_FIX ? 1 : 0;
if (am_sender) {
receiver_symlink_times = am_server
? strchr(client_info, 'L') != NULL
Index: rsync-3.1.1/options.c
===================================================================
--- rsync-3.1.1.orig/options.c 2015-10-06 11:18:34.383078669 +0200
+++ rsync-3.1.1/options.c 2015-10-06 11:19:37.630842114 +0200
@@ -2505,6 +2505,7 @@ void server_options(char **args, int *ar
#endif
argstr[x++] = 'f'; /* flist I/O-error safety support */
argstr[x++] = 'x'; /* xattr hardlink optimization not desired */
+ argstr[x++] = 'C'; /* support checksum seed order fix */
}
if (x >= (int)sizeof argstr) { /* Not possible... */
View Git Blame Copy Permalink