rsync (GPLv2): fix security vulnerability CVE-2007-4091
Added a patch to fix http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091. [YOCTO #984] is partially fixed by this commit.
(From OE-Core rev: 3670f110aacebdde118b79d31aa15156330418c6)
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
parent
32e63c24f1
commit
cd4a94d124
|
@ -0,0 +1,70 @@
|
|||
Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
|
||||
|
||||
The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
|
||||
address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
|
||||
|
||||
Date: Tue May 10 10:07:36 2011 +0800
|
||||
Dexuan Cui <dexuan.cui@intel.com>
|
||||
|
||||
diff --git a/sender.c b/sender.c
|
||||
index 6fcaa65..053a8f1 100644
|
||||
--- a/sender.c
|
||||
+++ b/sender.c
|
||||
@@ -123,6 +123,7 @@ void successful_send(int ndx)
|
||||
char fname[MAXPATHLEN];
|
||||
struct file_struct *file;
|
||||
unsigned int offset;
|
||||
+ size_t l = 0;
|
||||
|
||||
if (ndx < 0 || ndx >= the_file_list->count)
|
||||
return;
|
||||
@@ -133,6 +134,20 @@ void successful_send(int ndx)
|
||||
file->dir.root, "/", NULL);
|
||||
} else
|
||||
offset = 0;
|
||||
+
|
||||
+ l = offset + 1;
|
||||
+ if (file) {
|
||||
+ if (file->dirname)
|
||||
+ l += strlen(file->dirname);
|
||||
+ if (file->basename)
|
||||
+ l += strlen(file->basename);
|
||||
+ }
|
||||
+
|
||||
+ if (l >= sizeof(fname)) {
|
||||
+ rprintf(FERROR, "Overlong pathname\n");
|
||||
+ exit_cleanup(RERR_FILESELECT);
|
||||
+ }
|
||||
+
|
||||
f_name(file, fname + offset);
|
||||
if (remove_source_files) {
|
||||
if (do_unlink(fname) == 0) {
|
||||
@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
|
||||
enum logcode log_code = log_before_transfer ? FLOG : FINFO;
|
||||
int f_xfer = write_batch < 0 ? batch_fd : f_out;
|
||||
int i, j;
|
||||
+ size_t l = 0;
|
||||
|
||||
if (verbose > 2)
|
||||
rprintf(FINFO, "send_files starting\n");
|
||||
@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
|
||||
fname[offset++] = '/';
|
||||
} else
|
||||
offset = 0;
|
||||
+
|
||||
+ l = offset + 1;
|
||||
+ if (file) {
|
||||
+ if (file->dirname)
|
||||
+ l += strlen(file->dirname);
|
||||
+ if (file->basename)
|
||||
+ l += strlen(file->basename);
|
||||
+ }
|
||||
+
|
||||
+ if (l >= sizeof(fname)) {
|
||||
+ rprintf(FERROR, "Overlong pathname\n");
|
||||
+ exit_cleanup(RERR_FILESELECT);
|
||||
+ }
|
||||
+
|
||||
fname2 = f_name(file, fname + offset);
|
||||
|
||||
if (verbose > 2)
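Review bot: In the send_files hunk the new length check runs after `fname[offset++] = '/';`, so it bounds only what f_name() appends and not that earlier indexed write. Whether offset is already guaranteed to fit at that point depends on code outside the hunk and should be confirmed, or the check moved ahead of the write. In successful_send the `if (file)` guard follows a visible use of `file->dir.root`, so it cannot protect anything there, and the same guard in send_files looks equally redundant; testing `file->dirname` and `file->basename` directly would state the real precondition. The arithmetic also deserves a comment in both places, for example `/* dirname + '/' + basename + NUL must fit after offset */`, because the `+ 1` combined with `>=` is what closes the off-by-one, assuming f_name() writes exactly those pieces. Both function bodies start and end outside the hunks shown.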
|
|
@ -8,6 +8,7 @@ PRIORITY = "optional"
|
|||
DEPENDS = "popt"
|
||||
|
||||
SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
|
||||
file://rsync-2.6.9-fname-obo.patch \
|
||||
file://rsyncd.conf"
|
||||
|
||||
inherit autotools
|
||||
|
@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'
|
|||
LICENSE = "GPLv2+"
|
||||
LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"
|
||||
|
||||
PR = "r2"
|
||||
PR = "r3"
|
||||
|
|