1 Fix for CVE-2014-9512 from upstream at https://rsync.samba.org |
|
2 |
|
3 --- rsync-3.1.1/flist.c.old 2015-09-04 14:58:04.610748249 -0700 |
|
4 +++ rsync-3.1.1/flist.c 2015-09-04 15:02:22.838695225 -0700 |
|
5 @@ -2435,8 +2435,9 @@ |
|
6 return flist; |
|
7 } |
|
8 |
|
9 -struct file_list *recv_file_list(int f) |
|
10 +struct file_list *recv_file_list(int f, int dir_ndx) |
|
11 { |
|
12 + const char *good_dirname = NULL; |
|
13 struct file_list *flist; |
|
14 int dstart, flags; |
|
15 int64 start_read; |
|
16 @@ -2491,6 +2492,23 @@ |
|
17 |
|
18 flist_expand(flist, 1); |
|
19 file = recv_file_entry(f, flist, flags); |
|
20 + if (inc_recurse) { |
|
21 + static const char empty_dir[] = "\0"; |
|
22 + const char *cur_dir = file->dirname ? file->dirname : empty_dir; |
|
23 + if (relative_paths && *cur_dir == '/') |
|
24 + cur_dir++; |
|
25 + if (cur_dir != good_dirname) { |
|
26 + const char *d = dir_ndx >= 0 ? f_name(dir_flist->files[dir_ndx], NULL) : empty_dir; |
|
27 + if (strcmp(cur_dir, d) != 0) { |
|
28 + rprintf(FERROR, |
|
29 + "ABORTING due to invalid dir prefix from sender: %s (should be: %s)\n", |
|
30 + cur_dir, d); |
|
31 + exit_cleanup(RERR_PROTOCOL); |
|
32 + } |
|
33 + good_dirname = cur_dir; |
|
34 + } |
|
35 + } |
|
36 + |
|
37 |
|
38 if (S_ISREG(file->mode)) { |
|
39 /* Already counted */ |
|
40 @@ -2615,7 +2633,7 @@ |
|
41 rprintf(FINFO, "[%s] receiving flist for dir %d\n", |
|
42 who_am_i(), ndx); |
|
43 } |
|
44 - flist = recv_file_list(f); |
|
45 + flist = recv_file_list(f, ndx); |
|
46 flist->parent_ndx = ndx; |
|
47 } |
|
48 } |
|
49 --- rsync-3.1.1/io.c.old 2015-09-04 14:58:15.706192874 -0700 |
|
50 +++ rsync-3.1.1/io.c 2015-09-04 15:05:23.471180002 -0700 |
|
51 @@ -1685,7 +1685,7 @@ |
|
52 rprintf(FINFO, "[%s] receiving flist for dir %d\n", |
|
53 who_am_i(), ndx); |
|
54 } |
|
55 - flist = recv_file_list(iobuf.in_fd); |
|
56 + flist = recv_file_list(iobuf.in_fd, ndx); |
|
57 flist->parent_ndx = ndx; |
|
58 #ifdef SUPPORT_HARD_LINKS |
|
59 if (preserve_hard_links) |
|
60 --- rsync-3.1.1/main.c.old 2015-09-04 14:58:24.905761717 -0700 |
|
61 +++ rsync-3.1.1/main.c 2015-09-04 15:07:00.835145092 -0700 |
|
62 @@ -1010,7 +1010,7 @@ |
|
63 filesfrom_fd = -1; |
|
64 } |
|
65 |
|
66 - flist = recv_file_list(f_in); |
|
67 + flist = recv_file_list(f_in, -1); |
|
68 if (!flist) { |
|
69 rprintf(FERROR,"server_recv: recv_file_list error\n"); |
|
70 exit_cleanup(RERR_FILESELECT); |
|
71 @@ -1184,7 +1184,7 @@ |
|
72 |
|
73 if (write_batch && !am_server) |
|
74 start_write_batch(f_in); |
|
75 - flist = recv_file_list(f_in); |
|
76 + flist = recv_file_list(f_in, -1); |
|
77 if (inc_recurse && file_total == 1) |
|
78 recv_additional_file_list(f_in); |
|
79 |
|
80 --- rsync-3.1.1/rsync.c.old 2015-09-04 14:58:51.928552530 -0700 |
|
81 +++ rsync-3.1.1/rsync.c 2015-09-04 15:07:59.696578389 -0700 |
|
82 @@ -364,7 +364,7 @@ |
|
83 } |
|
84 /* Send all the data we read for this flist to the generator. */ |
|
85 start_flist_forward(ndx); |
|
86 - flist = recv_file_list(f_in); |
|
87 + flist = recv_file_list(f_in, ndx); |
|
88 flist->parent_ndx = ndx; |
|
89 stop_flist_forward(); |
|
90 } |
|
91 --- rsync-3.1.1/proto.h.old 2015-09-04 17:46:09.133140046 -0700 |
|
92 +++ rsync-3.1.1/proto.h 2015-09-04 17:45:12.510951663 -0700 |
|
93 @@ -89,7 +89,7 @@ |
|
94 void unmake_file(struct file_struct *file); |
|
95 void send_extra_file_list(int f, int at_least); |
|
96 struct file_list *send_file_list(int f, int argc, char *argv[]); |
|
97 -struct file_list *recv_file_list(int f); |
|
98 +struct file_list *recv_file_list(int f, int dir_ndx); |
|
99 void recv_additional_file_list(int f); |
|
100 int flist_find(struct file_list *flist, struct file_struct *f); |
|
101 int flist_find_ignore_dirness(struct file_list *flist, struct file_struct *f); |
|