From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com ([192.55.52.93]) by linuxtogo.org with esmtp (Exim 4.72) (envelope-from ) id 1QJfBL-0001E3-36 for openembedded-core@lists.openembedded.org; Tue, 10 May 2011 07:08:27 +0200 Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga102.fm.intel.com with ESMTP; 09 May 2011 22:05:41 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.64,344,1301900400"; d="scan'208";a="690494511" Received: from unknown (HELO [10.255.12.75]) ([10.255.12.75]) by fmsmga002.fm.intel.com with ESMTP; 09 May 2011 22:05:41 -0700 Message-ID: <4DC8C7A5.5090009@linux.intel.com> Date: Mon, 09 May 2011 22:05:41 -0700 From: Saul Wold User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.10) Gecko/20100621 Fedora/3.0.5-1.fc13 Lightning/1.0b2pre Thunderbird/3.0.5 MIME-Version: 1.0 To: Patches and discussions about the oe-core layer References: <29a6f5e598717a6c701495174db9ef4f448e64e7.1304995908.git.dexuan.cui@intel.com> <4DC8C6C3.6070000@linux.intel.com> <1865303E0DED764181A9D882DEF65FB6933502FCC3@shsmsx502.ccr.corp.intel.com> In-Reply-To: <1865303E0DED764181A9D882DEF65FB6933502FCC3@shsmsx502.ccr.corp.intel.com> Subject: Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.11 Precedence: list Reply-To: Patches and discussions about the oe-core layer List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 May 2011 05:08:27 -0000 Content-Type: text/plain; charset=GB2312 Content-Transfer-Encoding: 8bit On 05/09/2011 10:03 PM, He, Qing wrote: >> -----Original Message----- >> From: openembedded-core-bounces@lists.openembedded.org >> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf Of Saul >> Wold >> Sent: 2011Äê5ÔÂ10ÈÕ 13:02 >> To: Patches and discussions about the oe-core layer >> Subject: Re: [OE-core] [PATCH 1/1] rsync (GPLv2): fix security vulnerability >> CVE-2007-4091 >> >> On 05/09/2011 07:54 PM, Dexuan Cui wrote: >>> From: Dexuan Cui >>> >>> Added a patch to fix >>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 >>> >> This is missing a [YOCTO #bugid], please add and resend. (update branch >> is OK). > > Saul, > Before the other two CVEs are specifically addressed, I don't think we can call a close on this bug. > Yes, that's true, but it's important to know that this patch addresses a part of that bug. Sau! > Thanks, > Qing > >> >> Sau! >> >>> Signed-off-by: Dexuan Cui >>> --- >>> .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch | 70 >> ++++++++++++++++++++ >>> meta/recipes-devtools/rsync/rsync_2.6.9.bb | 3 +- >>> 2 files changed, 72 insertions(+), 1 deletions(-) >>> create mode 100644 >> meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >>> >>> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >> b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >>> new file mode 100644 >>> index 0000000..f054452 >>> --- /dev/null >>> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch >>> @@ -0,0 +1,70 @@ >>> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ] >>> + >>> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to >>> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091 >>> + >>> +Date: Tue May 10 10:07:36 2011 +0800 >>> +Dexuan Cui >>> + >>> +diff --git a/sender.c b/sender.c >>> +index 6fcaa65..053a8f1 100644 >>> +--- a/sender.c >>> ++++ b/sender.c >>> +@@ -123,6 +123,7 @@ void successful_send(int ndx) >>> + char fname[MAXPATHLEN]; >>> + struct file_struct *file; >>> + unsigned int offset; >>> ++ size_t l = 0; >>> + >>> + if (ndx< 0 || ndx>= the_file_list->count) >>> + return; >>> +@@ -133,6 +134,20 @@ void successful_send(int ndx) >>> + file->dir.root, "/", NULL); >>> + } else >>> + offset = 0; >>> ++ >>> ++ l = offset + 1; >>> ++ if (file) { >>> ++ if (file->dirname) >>> ++ l += strlen(file->dirname); >>> ++ if (file->basename) >>> ++ l += strlen(file->basename); >>> ++ } >>> ++ >>> ++ if (l>= sizeof(fname)) { >>> ++ rprintf(FERROR, "Overlong pathname\n"); >>> ++ exit_cleanup(RERR_FILESELECT); >>> ++ } >>> ++ >>> + f_name(file, fname + offset); >>> + if (remove_source_files) { >>> + if (do_unlink(fname) == 0) { >>> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in) >>> + enum logcode log_code = log_before_transfer ? FLOG : FINFO; >>> + int f_xfer = write_batch< 0 ? batch_fd : f_out; >>> + int i, j; >>> ++ size_t l = 0; >>> + >>> + if (verbose> 2) >>> + rprintf(FINFO, "send_files starting\n"); >>> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in) >>> + fname[offset++] = '/'; >>> + } else >>> + offset = 0; >>> ++ >>> ++ l = offset + 1; >>> ++ if (file) { >>> ++ if (file->dirname) >>> ++ l += strlen(file->dirname); >>> ++ if (file->basename) >>> ++ l += strlen(file->basename); >>> ++ } >>> ++ >>> ++ if (l>= sizeof(fname)) { >>> ++ rprintf(FERROR, "Overlong pathname\n"); >>> ++ exit_cleanup(RERR_FILESELECT); >>> ++ } >>> ++ >>> + fname2 = f_name(file, fname + offset); >>> + >>> + if (verbose> 2) >>> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb >> b/meta/recipes-devtools/rsync/rsync_2.6.9.bb >>> index 4337982..17c18a4 100644 >>> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb >>> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb >>> @@ -8,6 +8,7 @@ PRIORITY = "optional" >>> DEPENDS = "popt" >>> >>> SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \ >>> + file://rsync-2.6.9-fname-obo.patch \ >>> file://rsyncd.conf" >>> >>> inherit autotools >>> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""' >>> LICENSE = "GPLv2+" >>> LIC_FILES_CHKSUM = >> "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c" >>> >>> -PR = "r2" >>> +PR = "r3" >> >> _______________________________________________ >> Openembedded-core mailing list >> Openembedded-core@lists.openembedded.org >> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core