automatic import of rsyncopeneuler24.03_LTS

author: CoprDistGit <infra@openeuler.org> 2025-01-15 05:35:26 +0000
committer: CoprDistGit <infra@openeuler.org> 2025-01-15 05:35:26 +0000
commit: f11c15898301b307b5f632569b1946fc6f3d15d2 (patch)
tree: 71a7783a3e100b5738f4612828b75f07527d347a /backport-CVE-2024-12087-part2.patch
parent: 91c281cabee2f40953d20ff0b4aa681d46c9e17b (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/backport-CVE-2024-12087-part2.patch b/backport-CVE-2024-12087-part2.patch
new file mode 100644
index 0000000..b067809
--- /dev/null
+++ b/backport-CVE-2024-12087-part2.patch
@@ -0,0 +1,27 @@
+From b3e16be18d582dac1513c0a932d146b36e867b1b Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Tue, 26 Nov 2024 16:12:45 +1100
+Subject: [PATCH 2/2] range check dir_ndx before use
+
+---
+ flist.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/flist.c b/flist.c
+index 847b1054..087f9da6 100644
+--- a/flist.c
++++ b/flist.c
+@@ -2585,6 +2585,10 @@ struct file_list *recv_file_list(int f, int dir_ndx)
+ #endif
+ 
+ 	if (inc_recurse && dir_ndx >= 0) {
++		if (dir_ndx >= dir_flist->used) {
++			rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used);
++			exit_cleanup(RERR_PROTOCOL);
++		}
+ 		struct file_struct *file = dir_flist->files[dir_ndx];
+ 		if (file->flags & FLAG_GOT_DIR_FLIST) {
+ 			rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);
+-- 
+2.34.1
+
author	CoprDistGit <infra@openeuler.org>	2025-01-15 05:35:26 +0000
committer	CoprDistGit <infra@openeuler.org>	2025-01-15 05:35:26 +0000
commit	f11c15898301b307b5f632569b1946fc6f3d15d2 (patch)
tree	71a7783a3e100b5738f4612828b75f07527d347a /backport-CVE-2024-12087-part2.patch
parent	91c281cabee2f40953d20ff0b4aa681d46c9e17b (diff)