diff options
Diffstat (limited to 'meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch')
-rw-r--r-- | meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch | 136 |
1 files changed, 0 insertions, 136 deletions
diff --git a/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch b/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch deleted file mode 100644 index 19e7f39167..0000000000 --- a/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch +++ /dev/null | |||
@@ -1,136 +0,0 @@ | |||
1 | From 962f8b90045ab331fc04c9e65f80f1a53e68243b Mon Sep 17 00:00:00 2001 | ||
2 | From: Wayne Davison <wayned@samba.org> | ||
3 | Date: Wed, 31 Dec 2014 12:41:03 -0800 | ||
4 | Subject: [PATCH] Complain if an inc-recursive path is not right for its dir. | ||
5 | This ensures that a malicious sender can't use a just-sent symlink as a | ||
6 | trasnfer path. | ||
7 | |||
8 | Upstream-Status: BackPort | ||
9 | CVE: CVE-2014-9512 | ||
10 | |||
11 | Fix the CVE-2014-9512, rsync 3.1.1 allows remote attackers to write to arbitrary | ||
12 | files via a symlink attack on a file in the synchronization path. | ||
13 | |||
14 | BackPort and fix this patch to make it able to apply to source code | ||
15 | |||
16 | Signed-off-by: Roy Li <rongqing.li@windriver.com> | ||
17 | --- | ||
18 | flist.c | 22 ++++++++++++++++++++-- | ||
19 | io.c | 2 +- | ||
20 | main.c | 4 ++-- | ||
21 | rsync.c | 2 +- | ||
22 | proto.h | 2 +- | ||
23 | 6 files changed, 31 insertions(+), 8 deletions(-) | ||
24 | |||
25 | diff --git a/flist.c b/flist.c | ||
26 | index c24672e..92e4b65 100644 | ||
27 | --- a/flist.c | ||
28 | +++ b/flist.c | ||
29 | @@ -2435,8 +2435,9 @@ struct file_list *send_file_list(int f, int argc, char *argv[]) | ||
30 | return flist; | ||
31 | } | ||
32 | |||
33 | -struct file_list *recv_file_list(int f) | ||
34 | +struct file_list *recv_file_list(int f, int dir_ndx) | ||
35 | { | ||
36 | + const char *good_dirname = NULL; | ||
37 | struct file_list *flist; | ||
38 | int dstart, flags; | ||
39 | int64 start_read; | ||
40 | @@ -2492,6 +2493,23 @@ struct file_list *recv_file_list(int f) | ||
41 | flist_expand(flist, 1); | ||
42 | file = recv_file_entry(f, flist, flags); | ||
43 | |||
44 | + if (inc_recurse) { | ||
45 | + static const char empty_dir[] = "\0"; | ||
46 | + const char *cur_dir = file->dirname ? file->dirname : empty_dir; | ||
47 | + if (relative_paths && *cur_dir == '/') | ||
48 | + cur_dir++; | ||
49 | + if (cur_dir != good_dirname) { | ||
50 | + const char *d = dir_ndx >= 0 ? f_name(dir_flist->files[dir_ndx], NULL) : empty_dir; | ||
51 | + if (strcmp(cur_dir, d) != 0) { | ||
52 | + rprintf(FERROR, | ||
53 | + "ABORTING due to invalid dir prefix from sender: %s (should be: %s)\n", | ||
54 | + cur_dir, d); | ||
55 | + exit_cleanup(RERR_PROTOCOL); | ||
56 | + } | ||
57 | + good_dirname = cur_dir; | ||
58 | + } | ||
59 | + } | ||
60 | + | ||
61 | if (S_ISREG(file->mode)) { | ||
62 | /* Already counted */ | ||
63 | } else if (S_ISDIR(file->mode)) { | ||
64 | @@ -2615,7 +2633,7 @@ void recv_additional_file_list(int f) | ||
65 | rprintf(FINFO, "[%s] receiving flist for dir %d\n", | ||
66 | who_am_i(), ndx); | ||
67 | } | ||
68 | - flist = recv_file_list(f); | ||
69 | + flist = recv_file_list(f, ndx); | ||
70 | flist->parent_ndx = ndx; | ||
71 | } | ||
72 | } | ||
73 | diff --git a/io.c b/io.c | ||
74 | index b9a9bd0..a868fa9 100644 | ||
75 | --- a/io.c | ||
76 | +++ b/io.c | ||
77 | @@ -1685,7 +1685,7 @@ void wait_for_receiver(void) | ||
78 | rprintf(FINFO, "[%s] receiving flist for dir %d\n", | ||
79 | who_am_i(), ndx); | ||
80 | } | ||
81 | - flist = recv_file_list(iobuf.in_fd); | ||
82 | + flist = recv_file_list(iobuf.in_fd, ndx); | ||
83 | flist->parent_ndx = ndx; | ||
84 | #ifdef SUPPORT_HARD_LINKS | ||
85 | if (preserve_hard_links) | ||
86 | diff --git a/main.c b/main.c | ||
87 | index e7a13f7..713b818 100644 | ||
88 | --- a/main.c | ||
89 | +++ b/main.c | ||
90 | @@ -1009,7 +1009,7 @@ static void do_server_recv(int f_in, int f_out, int argc, char *argv[]) | ||
91 | filesfrom_fd = -1; | ||
92 | } | ||
93 | |||
94 | - flist = recv_file_list(f_in); | ||
95 | + flist = recv_file_list(f_in, -1); | ||
96 | if (!flist) { | ||
97 | rprintf(FERROR,"server_recv: recv_file_list error\n"); | ||
98 | exit_cleanup(RERR_FILESELECT); | ||
99 | @@ -1183,7 +1183,7 @@ int client_run(int f_in, int f_out, pid_t pid, int argc, char *argv[]) | ||
100 | |||
101 | if (write_batch && !am_server) | ||
102 | start_write_batch(f_in); | ||
103 | - flist = recv_file_list(f_in); | ||
104 | + flist = recv_file_list(f_in, -1); | ||
105 | if (inc_recurse && file_total == 1) | ||
106 | recv_additional_file_list(f_in); | ||
107 | |||
108 | diff --git a/rsync.c b/rsync.c | ||
109 | index 68ff6b1..c3ecc51 100644 | ||
110 | --- a/rsync.c | ||
111 | +++ b/rsync.c | ||
112 | @@ -364,7 +364,7 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, | ||
113 | } | ||
114 | /* Send all the data we read for this flist to the generator. */ | ||
115 | start_flist_forward(ndx); | ||
116 | - flist = recv_file_list(f_in); | ||
117 | + flist = recv_file_list(f_in, ndx); | ||
118 | flist->parent_ndx = ndx; | ||
119 | stop_flist_forward(); | ||
120 | } | ||
121 | diff --git a/proto.h b/proto.h | ||
122 | index 22fc539..247c558 100644 | ||
123 | --- a/proto.h | ||
124 | +++ b/proto.h | ||
125 | @@ -89,7 +89,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist, | ||
126 | void unmake_file(struct file_struct *file); | ||
127 | void send_extra_file_list(int f, int at_least); | ||
128 | struct file_list *send_file_list(int f, int argc, char *argv[]); | ||
129 | -struct file_list *recv_file_list(int f); | ||
130 | +struct file_list *recv_file_list(int f, int dir_ndx); | ||
131 | void recv_additional_file_list(int f); | ||
132 | int flist_find(struct file_list *flist, struct file_struct *f); | ||
133 | int flist_find_ignore_dirness(struct file_list *flist, struct file_struct *f); | ||
134 | -- | ||
135 | 1.9.1 | ||
136 | |||