mirror of
https://git.yoctoproject.org/poky
synced 2026-04-26 09:32:14 +02:00
a1fab4c1a9
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. (From OE-Core rev: 17fac276e27af19b00b6263f22156a55bae6a5c9) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>