Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Saul Wold <sgw@linux.intel.com>
To: Patches and discussions about the oe-core layer
	<openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091
Date: Tue, 10 May 2011 10:53:43 -0700	[thread overview]
Message-ID: <4DC97BA7.1050304@linux.intel.com> (raw)
In-Reply-To: <29a6f5e598717a6c701495174db9ef4f448e64e7.1304995908.git.dexuan.cui@intel.com>

On 05/09/2011 07:54 PM, Dexuan Cui wrote:
> From: Dexuan Cui<dexuan.cui@intel.com>
>
> Added a patch to fix
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>
> Signed-off-by: Dexuan Cui<dexuan.cui@intel.com>
> ---
>   .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch  |   70 ++++++++++++++++++++
>   meta/recipes-devtools/rsync/rsync_2.6.9.bb         |    3 +-
>   2 files changed, 72 insertions(+), 1 deletions(-)
>   create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>
> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
> new file mode 100644
> index 0000000..f054452
> --- /dev/null
> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
> @@ -0,0 +1,70 @@
> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
> +
> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
> +
> +Date:   Tue May 10 10:07:36 2011 +0800
> +Dexuan Cui<dexuan.cui@intel.com>
> +
> +diff --git a/sender.c b/sender.c
> +index 6fcaa65..053a8f1 100644
> +--- a/sender.c
> ++++ b/sender.c
> +@@ -123,6 +123,7 @@ void successful_send(int ndx)
> + 	char fname[MAXPATHLEN];
> + 	struct file_struct *file;
> + 	unsigned int offset;
> ++	size_t l = 0;
> +
> + 	if (ndx<  0 || ndx>= the_file_list->count)
> + 		return;
> +@@ -133,6 +134,20 @@ void successful_send(int ndx)
> + 				    file->dir.root, "/", NULL);
> + 	} else
> + 		offset = 0;
> ++
> ++	l = offset + 1;
> ++	if (file) {
> ++		if (file->dirname)
> ++			l += strlen(file->dirname);
> ++		if (file->basename)
> ++			l += strlen(file->basename);
> ++	}
> ++
> ++	if (l>= sizeof(fname)) {
> ++		rprintf(FERROR, "Overlong pathname\n");
> ++		exit_cleanup(RERR_FILESELECT);
> ++	}
> ++
> + 	f_name(file, fname + offset);
> + 	if (remove_source_files) {
> + 		if (do_unlink(fname) == 0) {
> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
> + 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
> + 	int f_xfer = write_batch<  0 ? batch_fd : f_out;
> + 	int i, j;
> ++	size_t l = 0;
> +
> + 	if (verbose>  2)
> + 		rprintf(FINFO, "send_files starting\n");
> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
> + 				fname[offset++] = '/';
> + 		} else
> + 			offset = 0;
> ++
> ++		l = offset + 1;
> ++		if (file) {
> ++			if (file->dirname)
> ++				l += strlen(file->dirname);
> ++			if (file->basename)
> ++				l += strlen(file->basename);
> ++		}
> ++
> ++		if (l>= sizeof(fname)) {
> ++			rprintf(FERROR, "Overlong pathname\n");
> ++			exit_cleanup(RERR_FILESELECT);
> ++		}
> ++
> + 		fname2 = f_name(file, fname + offset);
> +
> + 		if (verbose>  2)
> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> index 4337982..17c18a4 100644
> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> @@ -8,6 +8,7 @@ PRIORITY = "optional"
>   DEPENDS = "popt"
>
>   SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
> +           file://rsync-2.6.9-fname-obo.patch \
>              file://rsyncd.conf"
>
>   inherit autotools
> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'
>   LICENSE = "GPLv2+"
>   LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"
>
> -PR = "r2"
> +PR = "r3"

Merged into oe-core and poky/master and staged for Bernard

Thanks
	Sau!

     prev parent reply	other threads:[~2011-05-10 17:56 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-05-10  2:54 [PATCH 0/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091 Dexuan Cui
2011-05-10  2:54 ` [PATCH 1/1] " Dexuan Cui
2011-05-10  5:01   ` Saul Wold
2011-05-10  5:03     ` He, Qing
2011-05-10  5:05       ` Saul Wold
2011-05-10  5:18         ` Cui, Dexuan
2011-05-10 17:53   ` Saul Wold [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4DC97BA7.1050304@linux.intel.com \
    --to=sgw@linux.intel.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.