authorDexuan Cui <dexuan.cui@intel.com>2011-05-10 10:34:41 +0800
committerSaul Wold <sgw@linux.intel.com>2011-05-10 07:55:56 -0700
commit4e41793b5c13e70c64aaca36885bcb335ed5ed97 (patch)
treeb3d2907f6460159789ad01aeb314f5ec21b261af
parent5b1d38c0ed231ad06334ac5672c2c8718cf9b322 (diff)
downloadpoky-4e41793b5c13e70c64aaca36885bcb335ed5ed97.tar.gz
rsync (GPLv2): fix security vulnerability CVE-2007-4091
Added a patch to fix http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091. [YOCTO #984] is partially fixed by this commit. (From OE-Core rev: 3670f110aacebdde118b79d31aa15156330418c6) Signed-off-by: Dexuan Cui <dexuan.cui@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch70
-rw-r--r--meta/recipes-devtools/rsync/rsync_2.6.9.bb3
2 files changed, 72 insertions, 1 deletions
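--- /dev/null
+++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
@@ -0,0 +1,70 @@
+Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
+
+The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
+address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
+
+Date: Tue May 10 10:07:36 2011 +0800
+Dexuan Cui <dexuan.cui@intel.com>
+
+diff --git a/sender.c b/sender.c
+index 6fcaa65..053a8f1 100644
+--- a/sender.c
++++ b/sender.c
+@@ -123,6 +123,7 @@ void successful_send(int ndx)
+ char fname[MAXPATHLEN];
+ struct file_struct *file;
+ unsigned int offset;
++ size_t l = 0;
+
+ if (ndx < 0 || ndx >= the_file_list->count)
+ return;
+@@ -133,6 +134,20 @@ void successful_send(int ndx)
+ file->dir.root, "/", NULL);
+ } else
+ offset = 0;
++
++ l = offset + 1;
++ if (file) {
++ if (file->dirname)
++ l += strlen(file->dirname);
++ if (file->basename)
++ l += strlen(file->basename);
++ }
++
++ if (l >= sizeof(fname)) {
++ rprintf(FERROR, "Overlong pathname\n");
++ exit_cleanup(RERR_FILESELECT);
++ }
++
+ f_name(file, fname + offset);
+ if (remove_source_files) {
+ if (do_unlink(fname) == 0) {
+@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
+ enum logcode log_code = log_before_transfer ? FLOG : FINFO;
+ int f_xfer = write_batch < 0 ? batch_fd : f_out;
+ int i, j;
++ size_t l = 0;
+
+ if (verbose > 2)
+ rprintf(FINFO, "send_files starting\n");
+@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
+ fname[offset++] = '/';
+ } else
+ offset = 0;
++
++ l = offset + 1;
++ if (file) {
++ if (file->dirname)
++ l += strlen(file->dirname);
++ if (file->basename)
++ l += strlen(file->basename);
++ }
++
++ if (l >= sizeof(fname)) {
++ rprintf(FERROR, "Overlong pathname\n");
++ exit_cleanup(RERR_FILESELECT);
++ }
++
+ fname2 = f_name(file, fname + offset);
+
+ if (verbose > 2)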
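Review bot: The bound computed at `l = offset + 1;` in the second inner hunk folds the path separator and the terminating NUL into a single `+ 1`, which is only exact if f_name() writes exactly one '/' between dirname and basename and nothing else; that assumption is stated nowhere in the patch, so a comment such as `/* +1 for the '/' f_name() puts between dirname and basename; the NUL is covered by the >= test */` would stop a later change to f_name() from silently invalidating the check. The same fourteen lines are pasted again into send_files() in the fourth inner hunk; a `static` helper taking `offset` and `file` would keep the two copies from drifting apart. Both enclosing functions, successful_send() and send_files(), begin and end outside the quoted hunks, so whether `file` can actually be NULL at these points (the `if (file)` guard suggests it can, yet f_name() is still called unconditionally right after) cannot be confirmed from here. The rejection path logs only a generic "Overlong pathname" without naming the entry, which makes a refused transfer hard to triage; including `file->basename` when it is non-NULL would help.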
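--- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
+++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
@@ -8,6 +8,7 @@ PRIORITY = "optional"
 DEPENDS = "popt"
 
 SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
+ file://rsync-2.6.9-fname-obo.patch \
  file://rsyncd.conf"
 
 inherit autotools
@@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"
 
-PR = "r2"
+PR = "r3"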