upstream/oracle/userland-gate: components/rsync/patches/z21762187.patch@61e2751151cd


Fix for CVE-2014-9512 from upstream at https://rsync.samba.org 

--- rsync-3.1.1/flist.c.old	2015-09-04 14:58:04.610748249 -0700
+++ rsync-3.1.1/flist.c	2015-09-04 15:02:22.838695225 -0700
@@ -2435,8 +2435,9 @@
 	return flist;
 }
 
-struct file_list *recv_file_list(int f)
+struct file_list *recv_file_list(int f, int dir_ndx)
 {
+       const char *good_dirname = NULL;
 	struct file_list *flist;
 	int dstart, flags;
 	int64 start_read;
@@ -2491,6 +2492,23 @@
 
 		flist_expand(flist, 1);
 		file = recv_file_entry(f, flist, flags);
+               if (inc_recurse) {
+                       static const char empty_dir[] = "\0";
+                       const char *cur_dir = file->dirname ? file->dirname : empty_dir;
+                       if (relative_paths && *cur_dir == '/')
+                               cur_dir++;
+                       if (cur_dir != good_dirname) {
+                               const char *d = dir_ndx >= 0 ? f_name(dir_flist->files[dir_ndx], NULL) : empty_dir;
+                               if (strcmp(cur_dir, d) != 0) {
+                                       rprintf(FERROR,
+                                               "ABORTING due to invalid dir prefix from sender: %s (should be: %s)\n",
+                                               cur_dir, d);
+                                       exit_cleanup(RERR_PROTOCOL);
+                               }
+                               good_dirname = cur_dir;
+                       }
+               }
+
 
 		if (S_ISREG(file->mode)) {
 			/* Already counted */
@@ -2615,7 +2633,7 @@
 			rprintf(FINFO, "[%s] receiving flist for dir %d\n",
 				who_am_i(), ndx);
 		}
-		flist = recv_file_list(f);
+		flist = recv_file_list(f, ndx);
 		flist->parent_ndx = ndx;
 	}
 }
--- rsync-3.1.1/io.c.old	2015-09-04 14:58:15.706192874 -0700
+++ rsync-3.1.1/io.c	2015-09-04 15:05:23.471180002 -0700
@@ -1685,7 +1685,7 @@
 				rprintf(FINFO, "[%s] receiving flist for dir %d\n",
 					who_am_i(), ndx);
 			}
-			flist = recv_file_list(iobuf.in_fd);
+			flist = recv_file_list(iobuf.in_fd, ndx);
 			flist->parent_ndx = ndx;
 #ifdef SUPPORT_HARD_LINKS
 			if (preserve_hard_links)
--- rsync-3.1.1/main.c.old	2015-09-04 14:58:24.905761717 -0700
+++ rsync-3.1.1/main.c	2015-09-04 15:07:00.835145092 -0700
@@ -1010,7 +1010,7 @@
 		filesfrom_fd = -1;
 	}
 
-	flist = recv_file_list(f_in);
+	flist = recv_file_list(f_in, -1);
 	if (!flist) {
 		rprintf(FERROR,"server_recv: recv_file_list error\n");
 		exit_cleanup(RERR_FILESELECT);
@@ -1184,7 +1184,7 @@
 
 	if (write_batch && !am_server)
 		start_write_batch(f_in);
-	flist = recv_file_list(f_in);
+	flist = recv_file_list(f_in, -1);
 	if (inc_recurse && file_total == 1)
 		recv_additional_file_list(f_in);
 
--- rsync-3.1.1/rsync.c.old	2015-09-04 14:58:51.928552530 -0700
+++ rsync-3.1.1/rsync.c	2015-09-04 15:07:59.696578389 -0700
@@ -364,7 +364,7 @@
 		}
 		/* Send all the data we read for this flist to the generator. */
 		start_flist_forward(ndx);
-		flist = recv_file_list(f_in);
+		flist = recv_file_list(f_in, ndx);
 		flist->parent_ndx = ndx;
 		stop_flist_forward();
 	}
--- rsync-3.1.1/proto.h.old     2015-09-04 17:46:09.133140046 -0700
+++ rsync-3.1.1/proto.h 2015-09-04 17:45:12.510951663 -0700
@@ -89,7 +89,7 @@
 void unmake_file(struct file_struct *file);
 void send_extra_file_list(int f, int at_least);
 struct file_list *send_file_list(int f, int argc, char *argv[]);
-struct file_list *recv_file_list(int f);
+struct file_list *recv_file_list(int f, int dir_ndx);
 void recv_additional_file_list(int f);
 int flist_find(struct file_list *flist, struct file_struct *f);
 int flist_find_ignore_dirness(struct file_list *flist, struct file_struct *f);
author	Petr Sumbera <petr.sumbera@oracle.com>
	Tue, 03 Nov 2015 06:46:03 -0800
changeset 5059	61e2751151cd
parent 4868	86ad1ef86709
permissions	-rw-r--r--