diff options
| author |   Thomas Deutschmann <whissi@gentoo.org> | 2017-11-14 23:40:01 +0100 |
|---|---|---|
| committer | Thomas Deutschmann <whissi@gentoo.org> | 2017-11-14 23:40:01 +0100 |
| commit | 61f33ecb79092b9b86d8a95da0950215e6194122 (patch) | |
| tree | 15c21da44af7829d37650405c9d71fc6ff34b646 /net-misc/rsync/files | |
| parent | net-misc/openssh: Rev bump to fix CVE-2017-15906 (diff) | |
| download | gentoo-61f33ecb79092b9b86d8a95da0950215e6194122.tar.gz gentoo-61f33ecb79092b9b86d8a95da0950215e6194122.tar.bz2 gentoo-61f33ecb79092b9b86d8a95da0950215e6194122.zip | |
net-misc/rsync: Rev bump to fix CVE-2017-16548
Bug: https://bugs.gentoo.org/636714
Package-Manager: Portage-2.3.13, Repoman-2.3.4
Diffstat (limited to 'net-misc/rsync/files')
| -rw-r--r-- | net-misc/rsync/files/rsync-3.1.2-CVE-2017-16548.patch | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-16548.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-16548.patch new file mode 100644 index 000000000000..d06607cf772c --- /dev/null +++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-16548.patch @@ -0,0 +1,17 @@ +X-Git-Url: https://git.samba.org/rsync.git/?p=rsync.git;a=blobdiff_plain;f=xattrs.c;h=4867e6f5b8ad2934d43b06f3b99b7b3690a6dc7a;hp=68305d7559b34f5cc2f196b74429b82fa6ff49dd;hb=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1;hpb=bc112b0e7feece62ce98708092306639a8a53cce + +diff --git a/xattrs.c b/xattrs.c +index 68305d7..4867e6f 100644 +--- a/xattrs.c ++++ b/xattrs.c +@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file) + out_of_memory("receive_xattr"); + name = ptr + dget_len + extra_len; + read_buf(f, name, name_len); ++ if (name_len < 1 || name[name_len-1] != '\0') { ++ rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n"); ++ exit_cleanup(RERR_FILEIO); ++ } + if (dget_len == datum_len) + read_buf(f, ptr, dget_len); + else { |