diff options
Diffstat (limited to 'meta/recipes-devtools/rsync/files/CVE-2024-12085.patch')
| -rw-r--r-- | meta/recipes-devtools/rsync/files/CVE-2024-12085.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch new file mode 100644 index 0000000000..165d5a62f9 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch | |||
| @@ -0,0 +1,32 @@ | |||
| 1 | From 589b0691e59f761ccb05ddb8e1124991440db2c7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Andrew Tridgell <andrew@tridgell.net> | ||
| 3 | Date: Thu, 14 Nov 2024 09:57:08 +1100 | ||
| 4 | Subject: [PATCH] prevent information leak off the stack | ||
| 5 | |||
| 6 | prevent leak of uninitialised stack data in hash_search | ||
| 7 | |||
| 8 | CVE: CVE-2024-12085 | ||
| 9 | |||
| 10 | Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=589b0691e59f761ccb05ddb8e1124991440db2c7] | ||
| 11 | |||
| 12 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
| 13 | --- | ||
| 14 | match.c | 3 +++ | ||
| 15 | 1 file changed, 3 insertions(+) | ||
| 16 | |||
| 17 | diff --git a/match.c b/match.c | ||
| 18 | index 36e78ed2..dfd6af2c 100644 | ||
| 19 | --- a/match.c | ||
| 20 | +++ b/match.c | ||
| 21 | @@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s, | ||
| 22 | int more; | ||
| 23 | schar *map; | ||
| 24 | |||
| 25 | + // prevent possible memory leaks | ||
| 26 | + memset(sum2, 0, sizeof sum2); | ||
| 27 | + | ||
| 28 | /* want_i is used to encourage adjacent matches, allowing the RLL | ||
| 29 | * coding of the output to work more efficiently. */ | ||
| 30 | want_i = 0; | ||
| 31 | -- | ||
| 32 | 2.40.0 | ||