# HG changeset patch # User majid.valiollahzadeh@oracle.com # Date 1442419700 25200 # Node ID 86ad1ef867092a2e7685c3278cfdf6d4b5ccdffd # Parent 9f62fae83a66ddab96a2a632c5de8e4a1ee07da4 21762187 problem in UTILITY/RSYNC diff -r 9f62fae83a66 -r 86ad1ef86709 components/rsync/patches/z21762187.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/rsync/patches/z21762187.patch Wed Sep 16 09:08:20 2015 -0700 @@ -0,0 +1,101 @@ +Fix for CVE-2014-9512 from upstream at https://rsync.samba.org + +--- rsync-3.1.1/flist.c.old 2015-09-04 14:58:04.610748249 -0700 ++++ rsync-3.1.1/flist.c 2015-09-04 15:02:22.838695225 -0700 +@@ -2435,8 +2435,9 @@ + return flist; + } + +-struct file_list *recv_file_list(int f) ++struct file_list *recv_file_list(int f, int dir_ndx) + { ++ const char *good_dirname = NULL; + struct file_list *flist; + int dstart, flags; + int64 start_read; +@@ -2491,6 +2492,23 @@ + + flist_expand(flist, 1); + file = recv_file_entry(f, flist, flags); ++ if (inc_recurse) { ++ static const char empty_dir[] = "\0"; ++ const char *cur_dir = file->dirname ? file->dirname : empty_dir; ++ if (relative_paths && *cur_dir == '/') ++ cur_dir++; ++ if (cur_dir != good_dirname) { ++ const char *d = dir_ndx >= 0 ? f_name(dir_flist->files[dir_ndx], NULL) : empty_dir; ++ if (strcmp(cur_dir, d) != 0) { ++ rprintf(FERROR, ++ "ABORTING due to invalid dir prefix from sender: %s (should be: %s)\n", ++ cur_dir, d); ++ exit_cleanup(RERR_PROTOCOL); ++ } ++ good_dirname = cur_dir; ++ } ++ } ++ + + if (S_ISREG(file->mode)) { + /* Already counted */ +@@ -2615,7 +2633,7 @@ + rprintf(FINFO, "[%s] receiving flist for dir %d\n", + who_am_i(), ndx); + } +- flist = recv_file_list(f); ++ flist = recv_file_list(f, ndx); + flist->parent_ndx = ndx; + } + } +--- rsync-3.1.1/io.c.old 2015-09-04 14:58:15.706192874 -0700 ++++ rsync-3.1.1/io.c 2015-09-04 15:05:23.471180002 -0700 +@@ -1685,7 +1685,7 @@ + rprintf(FINFO, "[%s] receiving flist for dir %d\n", + who_am_i(), ndx); + } +- flist = recv_file_list(iobuf.in_fd); ++ flist = recv_file_list(iobuf.in_fd, ndx); + flist->parent_ndx = ndx; + #ifdef SUPPORT_HARD_LINKS + if (preserve_hard_links) +--- rsync-3.1.1/main.c.old 2015-09-04 14:58:24.905761717 -0700 ++++ rsync-3.1.1/main.c 2015-09-04 15:07:00.835145092 -0700 +@@ -1010,7 +1010,7 @@ + filesfrom_fd = -1; + } + +- flist = recv_file_list(f_in); ++ flist = recv_file_list(f_in, -1); + if (!flist) { + rprintf(FERROR,"server_recv: recv_file_list error\n"); + exit_cleanup(RERR_FILESELECT); +@@ -1184,7 +1184,7 @@ + + if (write_batch && !am_server) + start_write_batch(f_in); +- flist = recv_file_list(f_in); ++ flist = recv_file_list(f_in, -1); + if (inc_recurse && file_total == 1) + recv_additional_file_list(f_in); + +--- rsync-3.1.1/rsync.c.old 2015-09-04 14:58:51.928552530 -0700 ++++ rsync-3.1.1/rsync.c 2015-09-04 15:07:59.696578389 -0700 +@@ -364,7 +364,7 @@ + } + /* Send all the data we read for this flist to the generator. */ + start_flist_forward(ndx); +- flist = recv_file_list(f_in); ++ flist = recv_file_list(f_in, ndx); + flist->parent_ndx = ndx; + stop_flist_forward(); + } +--- rsync-3.1.1/proto.h.old 2015-09-04 17:46:09.133140046 -0700 ++++ rsync-3.1.1/proto.h 2015-09-04 17:45:12.510951663 -0700 +@@ -89,7 +89,7 @@ + void unmake_file(struct file_struct *file); + void send_extra_file_list(int f, int at_least); + struct file_list *send_file_list(int f, int argc, char *argv[]); +-struct file_list *recv_file_list(int f); ++struct file_list *recv_file_list(int f, int dir_ndx); + void recv_additional_file_list(int f); + int flist_find(struct file_list *flist, struct file_struct *f); + int flist_find_ignore_dirness(struct file_list *flist, struct file_struct *f);