Browse Source

rsync: update to 3.1.2

https://rsync.samba.org/security.html#s3_1_2:

If you're using a version of rsync older than 3.1.2 as a client and
receiving files from an rsync server that you might not fully trust,
this version adds extra checking to the file list to prevent the sender
from tweaking the paths and/or the transfer requests in a way that could
cause a file to be received outside the transfer destination.

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
lilik-openwrt-22.03
Maxim Storchak 9 years ago
parent
commit
3a0b5a0111
2 changed files with 3 additions and 109 deletions
  1. +3
    -3
      net/rsync/Makefile
  2. +0
    -106
      net/rsync/patches/000-CVE-2014-9512.patch

+ 3
- 3
net/rsync/Makefile View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=rsync PKG_NAME:=rsync
PKG_VERSION:=3.1.1
PKG_RELEASE:=2
PKG_VERSION:=3.1.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://rsync.samba.org/ftp/rsync/src PKG_SOURCE_URL:=http://rsync.samba.org/ftp/rsync/src
PKG_MD5SUM:=43bd6676f0b404326eee2d63be3cdcfe
PKG_MD5SUM:=0f758d7e000c0f7f7d3792610fad70cb
PKG_MAINTAINER:=Maxim Storchak <m.storchak@gmail.com> PKG_MAINTAINER:=Maxim Storchak <m.storchak@gmail.com>
PKG_LICENSE:=GPL-3.0 PKG_LICENSE:=GPL-3.0
PKG_LICENSE_FILES:=COPYING PKG_LICENSE_FILES:=COPYING


+ 0
- 106
net/rsync/patches/000-CVE-2014-9512.patch View File

@ -1,106 +0,0 @@
From: Wayne Davison <wayned@samba.org>
Date: Wed, 31 Dec 2014 20:41:03 +0000 (-0800)
Subject: Complain if an inc-recursive path is not right for its dir.
X-Git-Url: https://git.samba.org/?p=rsync.git;a=commitdiff_plain;h=962f8b90045ab331fc04c9e65f80f1a53e68243b
Complain if an inc-recursive path is not right for its dir.
This ensures that a malicious sender can't use a just-sent
symlink as a trasnfer path.
---
diff --git a/flist.c b/flist.c
index c24672e..92e4b65 100644
--- a/flist.c
+++ b/flist.c
@@ -2435,8 +2435,9 @@ struct file_list *send_file_list(int f, int argc, char *argv[])
return flist;
}
-struct file_list *recv_file_list(int f)
+struct file_list *recv_file_list(int f, int dir_ndx)
{
+ const char *good_dirname = NULL;
struct file_list *flist;
int dstart, flags;
int64 start_read;
@@ -2492,6 +2493,23 @@ struct file_list *recv_file_list(int f)
flist_expand(flist, 1);
file = recv_file_entry(f, flist, flags);
+ if (inc_recurse) {
+ static const char empty_dir[] = "\0";
+ const char *cur_dir = file->dirname ? file->dirname : empty_dir;
+ if (relative_paths && *cur_dir == '/')
+ cur_dir++;
+ if (cur_dir != good_dirname) {
+ const char *d = dir_ndx >= 0 ? f_name(dir_flist->files[dir_ndx], NULL) : empty_dir;
+ if (strcmp(cur_dir, d) != 0) {
+ rprintf(FERROR,
+ "ABORTING due to invalid dir prefix from sender: %s (should be: %s)\n",
+ cur_dir, d);
+ exit_cleanup(RERR_PROTOCOL);
+ }
+ good_dirname = cur_dir;
+ }
+ }
+
if (S_ISREG(file->mode)) {
/* Already counted */
} else if (S_ISDIR(file->mode)) {
@@ -2615,7 +2633,7 @@ void recv_additional_file_list(int f)
rprintf(FINFO, "[%s] receiving flist for dir %d\n",
who_am_i(), ndx);
}
- flist = recv_file_list(f);
+ flist = recv_file_list(f, ndx);
flist->parent_ndx = ndx;
}
}
diff --git a/io.c b/io.c
index b9a9bd0..a868fa9 100644
--- a/io.c
+++ b/io.c
@@ -1685,7 +1685,7 @@ void wait_for_receiver(void)
rprintf(FINFO, "[%s] receiving flist for dir %d\n",
who_am_i(), ndx);
}
- flist = recv_file_list(iobuf.in_fd);
+ flist = recv_file_list(iobuf.in_fd, ndx);
flist->parent_ndx = ndx;
#ifdef SUPPORT_HARD_LINKS
if (preserve_hard_links)
diff --git a/main.c b/main.c
index e7a13f7..713b818 100644
--- a/main.c
+++ b/main.c
@@ -1009,7 +1009,7 @@ static void do_server_recv(int f_in, int f_out, int argc, char *argv[])
filesfrom_fd = -1;
}
- flist = recv_file_list(f_in);
+ flist = recv_file_list(f_in, -1);
if (!flist) {
rprintf(FERROR,"server_recv: recv_file_list error\n");
exit_cleanup(RERR_FILESELECT);
@@ -1183,7 +1183,7 @@ int client_run(int f_in, int f_out, pid_t pid, int argc, char *argv[])
if (write_batch && !am_server)
start_write_batch(f_in);
- flist = recv_file_list(f_in);
+ flist = recv_file_list(f_in, -1);
if (inc_recurse && file_total == 1)
recv_additional_file_list(f_in);
diff --git a/rsync.c b/rsync.c
index 68ff6b1..c3ecc51 100644
--- a/rsync.c
+++ b/rsync.c
@@ -364,7 +364,7 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr,
}
/* Send all the data we read for this flist to the generator. */
start_flist_forward(ndx);
- flist = recv_file_list(f_in);
+ flist = recv_file_list(f_in, ndx);
flist->parent_ndx = ndx;
stop_flist_forward();
}

Loading…
Cancel
Save