rsync (GPLv2): fix security vulnerability CVE-2007-4091

Added a patch to fix http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 [YOCTO #984] is partially fixed by this commit. (From OE-Core rev: 3670f110aacebdde118b79d31aa15156330418c6) Signed-off-by: Dexuan Cui <dexuan.cui@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-05-10 10:34:41 +08:00 · 2011-05-10 10:34:41 +08:00 · cd4a94d124
parent 32e63c24f1
commit cd4a94d124
2 changed files with 72 additions and 1 deletions
--- a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
+++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
@ -0,0 +1,70 @@
+Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
+
+The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
+address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
+
+Date:   Tue May 10 10:07:36 2011 +0800
+Dexuan Cui <dexuan.cui@intel.com>
+
+diff --git a/sender.c b/sender.c
+index 6fcaa65..053a8f1 100644
+--- a/sender.c
+++ b/sender.c
+@@ -123,6 +123,7 @@ void successful_send(int ndx)
+ 	char fname[MAXPATHLEN];
+ 	struct file_struct *file;
+ 	unsigned int offset;
+	size_t l = 0;
+ 
+ 	if (ndx < 0 || ndx >= the_file_list->count)
+ 		return;
+@@ -133,6 +134,20 @@ void successful_send(int ndx)
+ 				    file->dir.root, "/", NULL);
+ 	} else
+ 		offset = 0;
+
+	l = offset + 1;
+	if (file) {
+		if (file->dirname)
+			l += strlen(file->dirname);
+		if (file->basename)
+			l += strlen(file->basename);
+	}
+
+	if (l >= sizeof(fname)) {
+		rprintf(FERROR, "Overlong pathname\n");
+		exit_cleanup(RERR_FILESELECT);
+	}
+
+ 	f_name(file, fname + offset);
+ 	if (remove_source_files) {
+ 		if (do_unlink(fname) == 0) {
+@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
+ 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
+ 	int f_xfer = write_batch < 0 ? batch_fd : f_out;
+ 	int i, j;
+	size_t l = 0;
+ 
+ 	if (verbose > 2)
+ 		rprintf(FINFO, "send_files starting\n");
+@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
+ 				fname[offset++] = '/';
+ 		} else
+ 			offset = 0;
+
+		l = offset + 1;
+		if (file) {
+			if (file->dirname)
+				l += strlen(file->dirname);
+			if (file->basename)
+				l += strlen(file->basename);
+		}
+
+		if (l >= sizeof(fname)) {
+			rprintf(FERROR, "Overlong pathname\n");
+			exit_cleanup(RERR_FILESELECT);
+		}
+
+ 		fname2 = f_name(file, fname + offset);
+ 
+ 		if (verbose > 2)
--- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
+++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
@ -8,6 +8,7 @@ PRIORITY = "optional"
 DEPENDS = "popt"

 SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
+           file://rsync-2.6.9-fname-obo.patch \
           file://rsyncd.conf"

 inherit autotools
@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"

-PR = "r2"
+PR = "r3"