mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-09 16:59:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
caac6c06bbeff7691f4f26c1d41e94de3d3c1c9a
poky/meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch
Archana Polampalli 1e04a4df0a rsync: fix CVE-2024-12086 
A flaw was found in rsync. It could allow a server to enumerate the contents of an
arbitrary file from the client's machine. This issue occurs when files are being
copied from a client to a server. During this process, the rsync server will send
checksums of local data to the client to compare with in order to determine what
data needs to be sent to the server. By sending specially constructed checksum values
for arbitrary files, an attacker may be able to reconstruct the data of those files
byte-by-byte based on the responses from the client.

(From OE-Core rev: b49c8f58c20d7deb354a86a34488cb798c49eba3)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-01-24 07:49:28 -08:00

42 lines
1.4 KiB
Diff
Raw Blame History

From 9f86ddc9652247233f32b241a79d5aa4fb9d4afa Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <andrew@tridgell.net>
Date: Tue, 26 Nov 2024 09:16:31 +1100
Subject: [PATCH] disallow ../ elements in relpath for secure_relative_open
CVE: CVE-2024-12086
Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=9f86ddc9652247233f32b241a79d5aa4fb9d4afa]
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
syscall.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/syscall.c b/syscall.c
index cffc814b..081357bb 100644
--- a/syscall.c
+++ b/syscall.c
@@ -716,6 +716,8 @@ int do_open_nofollow(const char *pathname, int flags)
must be a relative path, and the relpath must not contain any
elements in the path which follow symlinks (ie. like O_NOFOLLOW, but
applies to all path components, not just the last component)
+
+ The relpath must also not contain any ../ elements in the path
*/
int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode)
{
@@ -724,6 +726,11 @@ int secure_relative_open(const char *basedir, const char *relpath, int flags, mo
errno = EINVAL;
return -1;
}
+ if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) {
+ // no ../ elements allowed in the relpath
+ errno = EINVAL;
+ return -1;
+ }
#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)
// really old system, all we can do is live with the risks
--
2.40.0
Reference in New Issue View Git Blame Copy Permalink