summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArchana Polampalli <archana.polampalli@windriver.com>2025-01-16 15:51:15 +0000
committerSteve Sakoman <steve@sakoman.com>2025-01-24 07:49:28 -0800
commit5d60b24103c9f1267b43f8acb214c903c2ee27fd (patch)
tree17d8e39d0a9898054a7c4a750db94b2f0b7425ee
parenta1fab4c1a99c39792891fb84979f3f6f72c9bb68 (diff)
downloadpoky-5d60b24103c9f1267b43f8acb214c903c2ee27fd.tar.gz
rsync: fix CVE-2024-12085
A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. (From OE-Core rev: 3fd8bea3e72573cca03cd3f6f4fc077cd2fd45a3) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r--meta/recipes-devtools/rsync/files/CVE-2024-12085.patch32
-rw-r--r--meta/recipes-devtools/rsync/rsync_3.2.7.bb1
2 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
new file mode 100644
index 0000000000..165d5a62f9
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
@@ -0,0 +1,32 @@
1From 589b0691e59f761ccb05ddb8e1124991440db2c7 Mon Sep 17 00:00:00 2001
2From: Andrew Tridgell <andrew@tridgell.net>
3Date: Thu, 14 Nov 2024 09:57:08 +1100
4Subject: [PATCH] prevent information leak off the stack
5
6prevent leak of uninitialised stack data in hash_search
7
8CVE: CVE-2024-12085
9
10Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=589b0691e59f761ccb05ddb8e1124991440db2c7]
11
12Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
13---
14 match.c | 3 +++
15 1 file changed, 3 insertions(+)
16
17diff --git a/match.c b/match.c
18index 36e78ed2..dfd6af2c 100644
19--- a/match.c
20+++ b/match.c
21@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s,
22 int more;
23 schar *map;
24
25+ // prevent possible memory leaks
26+ memset(sum2, 0, sizeof sum2);
27+
28 /* want_i is used to encourage adjacent matches, allowing the RLL
29 * coding of the output to work more efficiently. */
30 want_i = 0;
31--
322.40.0
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 749d44948d..6f4d539e4a 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
17 file://0001-Add-missing-prototypes-to-function-declarations.patch \ 17 file://0001-Add-missing-prototypes-to-function-declarations.patch \
18 file://CVE-2024-12084-0001.patch \ 18 file://CVE-2024-12084-0001.patch \
19 file://CVE-2024-12084-0002.patch \ 19 file://CVE-2024-12084-0002.patch \
20 file://CVE-2024-12085.patch \
20 " 21 "
21 22
22SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb" 23SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"