rsync: fix CVE-2024-12085

A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. (From OE-Core rev: fb8439e856d5ea10d12180020a14442c3b101e56) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Archana Polampalli <archana.polampalli@windriver.com> 2025-01-16 15:15:05 +0000
committer: Steve Sakoman <steve@sakoman.com> 2025-01-25 06:20:37 -0800
commit: b8832293c542062a1f1277f54df06c6309034a4d (patch)
tree: 8176c9db90a8c2ed86ee2b473b68b9acec2d9453
parent: 29909c9cf6f4362f68403760747f23556d1cfb30 (diff)
download: poky-b8832293c542062a1f1277f54df06c6309034a4d.tar.gz
2 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
new file mode 100644
index 0000000000..165d5a62f9
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
@@ -0,0 +1,32 @@
+From 589b0691e59f761ccb05ddb8e1124991440db2c7 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Thu, 14 Nov 2024 09:57:08 +1100
+Subject: [PATCH] prevent information leak off the stack
+prevent leak of uninitialised stack data in hash_search
+CVE: CVE-2024-12085
+Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=589b0691e59f761ccb05ddb8e1124991440db2c7]
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ match.c | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/match.c b/match.c
+index 36e78ed2..dfd6af2c 100644
+--- a/match.c
+++ b/match.c
+@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s,
+        int more;
+        schar *map;
+       // prevent possible memory leaks
+       memset(sum2, 0, sizeof sum2);
+
+        /* want_i is used to encourage adjacent matches, allowing the RLL
+         * coding of the output to work more efficiently. */
+        want_i = 0;
+--
+2.40.0
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 2f3ea61978..0d9c68a915 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
           file://0001-Add-missing-prototypes-to-function-declarations.patch \
           file://CVE-2024-12084-0001.patch \
           file://CVE-2024-12084-0002.patch \
+           file://CVE-2024-12085.patch \
           "
 SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
author	Archana Polampalli <archana.polampalli@windriver.com>	2025-01-16 15:15:05 +0000
committer	Steve Sakoman <steve@sakoman.com>	2025-01-25 06:20:37 -0800
commit	b8832293c542062a1f1277f54df06c6309034a4d (patch)
tree	8176c9db90a8c2ed86ee2b473b68b9acec2d9453
parent	29909c9cf6f4362f68403760747f23556d1cfb30 (diff)
download	poky-b8832293c542062a1f1277f54df06c6309034a4d.tar.gz

diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch new file mode 100644 index 0000000000..165d5a62f9 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
@@ -0,0 +1,32 @@
		1	From 589b0691e59f761ccb05ddb8e1124991440db2c7 Mon Sep 17 00:00:00 2001
		2	From: Andrew Tridgell <andrew@tridgell.net>
		3	Date: Thu, 14 Nov 2024 09:57:08 +1100
		4	Subject: [PATCH] prevent information leak off the stack
		5
		6	prevent leak of uninitialised stack data in hash_search
		7
		8	CVE: CVE-2024-12085
		9
		10	Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=589b0691e59f761ccb05ddb8e1124991440db2c7]
		11
		12	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		13	---
		14	match.c \| 3 +++
		15	1 file changed, 3 insertions(+)
		16
		17	diff --git a/match.c b/match.c
		18	index 36e78ed2..dfd6af2c 100644
		19	--- a/match.c
		20	+++ b/match.c
		21	@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s,
		22	int more;
		23	schar *map;
		24
		25	+ // prevent possible memory leaks
		26	+ memset(sum2, 0, sizeof sum2);
		27	+
		28	/* want_i is used to encourage adjacent matches, allowing the RLL
		29	* coding of the output to work more efficiently. */
		30	want_i = 0;
		31	--
		32	2.40.0


diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb index 2f3ea61978..0d9c68a915 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
17	file://0001-Add-missing-prototypes-to-function-declarations.patch \	17	file://0001-Add-missing-prototypes-to-function-declarations.patch \
18	file://CVE-2024-12084-0001.patch \	18	file://CVE-2024-12084-0001.patch \
19	file://CVE-2024-12084-0002.patch \	19	file://CVE-2024-12084-0002.patch \
		20	file://CVE-2024-12085.patch \
20	"	21	"
21	SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"	22	SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
22		23