diff options
| author | Archana Polampalli <archana.polampalli@windriver.com> | 2025-01-16 15:51:15 +0000 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-01-24 07:49:28 -0800 |
| commit | 5d60b24103c9f1267b43f8acb214c903c2ee27fd (patch) | |
| tree | 17d8e39d0a9898054a7c4a750db94b2f0b7425ee /meta | |
| parent | a1fab4c1a99c39792891fb84979f3f6f72c9bb68 (diff) | |
| download | poky-5d60b24103c9f1267b43f8acb214c903c2ee27fd.tar.gz | |
rsync: fix CVE-2024-12085
A flaw was found in the rsync daemon which could be triggered when rsync compares
file checksums. This flaw allows an attacker to manipulate the checksum length
(s2length) to cause a comparison between a checksum and uninitialized memory and
leak one byte of uninitialized stack data at a time.
(From OE-Core rev: 3fd8bea3e72573cca03cd3f6f4fc077cd2fd45a3)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-devtools/rsync/files/CVE-2024-12085.patch | 32 | ||||
| -rw-r--r-- | meta/recipes-devtools/rsync/rsync_3.2.7.bb | 1 |
2 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch new file mode 100644 index 0000000000..165d5a62f9 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch | |||
| @@ -0,0 +1,32 @@ | |||
| 1 | From 589b0691e59f761ccb05ddb8e1124991440db2c7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Andrew Tridgell <andrew@tridgell.net> | ||
| 3 | Date: Thu, 14 Nov 2024 09:57:08 +1100 | ||
| 4 | Subject: [PATCH] prevent information leak off the stack | ||
| 5 | |||
| 6 | prevent leak of uninitialised stack data in hash_search | ||
| 7 | |||
| 8 | CVE: CVE-2024-12085 | ||
| 9 | |||
| 10 | Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=589b0691e59f761ccb05ddb8e1124991440db2c7] | ||
| 11 | |||
| 12 | Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> | ||
| 13 | --- | ||
| 14 | match.c | 3 +++ | ||
| 15 | 1 file changed, 3 insertions(+) | ||
| 16 | |||
| 17 | diff --git a/match.c b/match.c | ||
| 18 | index 36e78ed2..dfd6af2c 100644 | ||
| 19 | --- a/match.c | ||
| 20 | +++ b/match.c | ||
| 21 | @@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s, | ||
| 22 | int more; | ||
| 23 | schar *map; | ||
| 24 | |||
| 25 | + // prevent possible memory leaks | ||
| 26 | + memset(sum2, 0, sizeof sum2); | ||
| 27 | + | ||
| 28 | /* want_i is used to encourage adjacent matches, allowing the RLL | ||
| 29 | * coding of the output to work more efficiently. */ | ||
| 30 | want_i = 0; | ||
| 31 | -- | ||
| 32 | 2.40.0 | ||
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb index 749d44948d..6f4d539e4a 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb | |||
| @@ -17,6 +17,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ | |||
| 17 | file://0001-Add-missing-prototypes-to-function-declarations.patch \ | 17 | file://0001-Add-missing-prototypes-to-function-declarations.patch \ |
| 18 | file://CVE-2024-12084-0001.patch \ | 18 | file://CVE-2024-12084-0001.patch \ |
| 19 | file://CVE-2024-12084-0002.patch \ | 19 | file://CVE-2024-12084-0002.patch \ |
| 20 | file://CVE-2024-12085.patch \ | ||
| 20 | " | 21 | " |
| 21 | 22 | ||
| 22 | SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb" | 23 | SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb" |
