diff options
| author | Dexuan Cui <dexuan.cui@intel.com> | 2011-05-10 10:34:41 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2011-05-10 09:55:00 +0100 |
| commit | cd4a94d124945134cdaefb59e80cab8dcd44f4df (patch) | |
| tree | 666edf3e4e50e327197498b27f840a1492020eb4 /meta/recipes-devtools/rsync/rsync-2.6.9 | |
| parent | 32e63c24f1830907b8ab0b48aa901bbeadad440c (diff) | |
| download | poky-cd4a94d124945134cdaefb59e80cab8dcd44f4df.tar.gz | |
rsync (GPLv2): fix security vulnerability CVE-2007-4091
Added a patch to fix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
[YOCTO #984] is partially fixed by this commit.
(From OE-Core rev: 3670f110aacebdde118b79d31aa15156330418c6)
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/rsync/rsync-2.6.9')
| -rw-r--r-- | meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch new file mode 100644 index 0000000000..f054452f37 --- /dev/null +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch | |||
| @@ -0,0 +1,70 @@ | |||
| 1 | Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ] | ||
| 2 | |||
| 3 | The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to | ||
| 4 | address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 | ||
| 5 | |||
| 6 | Date: Tue May 10 10:07:36 2011 +0800 | ||
| 7 | Dexuan Cui <dexuan.cui@intel.com> | ||
| 8 | |||
| 9 | diff --git a/sender.c b/sender.c | ||
| 10 | index 6fcaa65..053a8f1 100644 | ||
| 11 | --- a/sender.c | ||
| 12 | +++ b/sender.c | ||
| 13 | @@ -123,6 +123,7 @@ void successful_send(int ndx) | ||
| 14 | char fname[MAXPATHLEN]; | ||
| 15 | struct file_struct *file; | ||
| 16 | unsigned int offset; | ||
| 17 | + size_t l = 0; | ||
| 18 | |||
| 19 | if (ndx < 0 || ndx >= the_file_list->count) | ||
| 20 | return; | ||
| 21 | @@ -133,6 +134,20 @@ void successful_send(int ndx) | ||
| 22 | file->dir.root, "/", NULL); | ||
| 23 | } else | ||
| 24 | offset = 0; | ||
| 25 | + | ||
| 26 | + l = offset + 1; | ||
| 27 | + if (file) { | ||
| 28 | + if (file->dirname) | ||
| 29 | + l += strlen(file->dirname); | ||
| 30 | + if (file->basename) | ||
| 31 | + l += strlen(file->basename); | ||
| 32 | + } | ||
| 33 | + | ||
| 34 | + if (l >= sizeof(fname)) { | ||
| 35 | + rprintf(FERROR, "Overlong pathname\n"); | ||
| 36 | + exit_cleanup(RERR_FILESELECT); | ||
| 37 | + } | ||
| 38 | + | ||
| 39 | f_name(file, fname + offset); | ||
| 40 | if (remove_source_files) { | ||
| 41 | if (do_unlink(fname) == 0) { | ||
| 42 | @@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in) | ||
| 43 | enum logcode log_code = log_before_transfer ? FLOG : FINFO; | ||
| 44 | int f_xfer = write_batch < 0 ? batch_fd : f_out; | ||
| 45 | int i, j; | ||
| 46 | + size_t l = 0; | ||
| 47 | |||
| 48 | if (verbose > 2) | ||
| 49 | rprintf(FINFO, "send_files starting\n"); | ||
| 50 | @@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in) | ||
| 51 | fname[offset++] = '/'; | ||
| 52 | } else | ||
| 53 | offset = 0; | ||
| 54 | + | ||
| 55 | + l = offset + 1; | ||
| 56 | + if (file) { | ||
| 57 | + if (file->dirname) | ||
| 58 | + l += strlen(file->dirname); | ||
| 59 | + if (file->basename) | ||
| 60 | + l += strlen(file->basename); | ||
| 61 | + } | ||
| 62 | + | ||
| 63 | + if (l >= sizeof(fname)) { | ||
| 64 | + rprintf(FERROR, "Overlong pathname\n"); | ||
| 65 | + exit_cleanup(RERR_FILESELECT); | ||
| 66 | + } | ||
| 67 | + | ||
| 68 | fname2 = f_name(file, fname + offset); | ||
| 69 | |||
| 70 | if (verbose > 2) | ||