summaryrefslogtreecommitdiff
path: root/backport-CVE-2024-12086-part1.patch
diff options
context:
space:
mode:
Diffstat (limited to 'backport-CVE-2024-12086-part1.patch')
-rw-r--r--backport-CVE-2024-12086-part1.patch37
1 files changed, 37 insertions, 0 deletions
diff --git a/backport-CVE-2024-12086-part1.patch b/backport-CVE-2024-12086-part1.patch
new file mode 100644
index 0000000..45505a6
--- /dev/null
+++ b/backport-CVE-2024-12086-part1.patch
@@ -0,0 +1,37 @@
+From 3feb8669d875d03c9ceb82e208ef40ddda8eb908 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <andrew@tridgell.net>
+Date: Sat, 23 Nov 2024 11:08:03 +1100
+Subject: [PATCH 1/4] refuse fuzzy options when fuzzy not selected
+
+this prevents a malicious server providing a file to compare to when
+the user has not given the fuzzy option
+---
+ receiver.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/receiver.c b/receiver.c
+index 6b4b369e..2d7f6033 100644
+--- a/receiver.c
++++ b/receiver.c
+@@ -67,6 +67,7 @@
+ extern struct file_list *cur_flist, *first_flist, *dir_flist;
+ extern filter_rule_list daemon_filter_list;
+ extern OFF_T preallocated_len;
++extern int fuzzy_basis;
+
+ static struct bitbag *delayed_bits = NULL;
+ static int phase = 0, redoing = 0;
+@@ -716,6 +717,10 @@
+ fnamecmp = get_backup_name(fname);
+ break;
+ case FNAMECMP_FUZZY:
++ if (fuzzy_basis == 0) {
++ rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname);
++ exit_cleanup(RERR_PROTOCOL);
++ }
+ if (file->dirname) {
+ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname);
+ fnamecmp = fnamecmpbuf;
+--
+2.34.1
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-29 11:04:49 +0000