mirror of
https://git.yoctoproject.org/poky
synced 2026-06-21 13:54:22 +02:00
957ae42637
Pick patch from [1] also mentioned at Debian report in [2]
[1] bb0a8118c2
[2] https://security-tracker.debian.org/tracker/CVE-2026-41035
[3] https://nvd.nist.gov/vuln/detail/CVE-2026-41035
(From OE-Core rev: b2b51c4f8521ac4fa490e96257142826f2dfda25)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
40 lines
1.2 KiB
Diff
40 lines
1.2 KiB
Diff
From bb0a8118c2d2ab01140bac5e4e327e5e1ef90c9c Mon Sep 17 00:00:00 2001
|
|
From: Andrew Tridgell <andrew@tridgell.net>
|
|
Date: Wed, 22 Apr 2026 09:57:45 +1000
|
|
Subject: [PATCH] xattrs: fixed count in qsort
|
|
|
|
this fixes the count passed to the sort of the xattr list. This issue
|
|
was reported here:
|
|
|
|
https://www.openwall.com/lists/oss-security/2026/04/16/2
|
|
|
|
the bug is not exploitable due to the fork-per-connection design of
|
|
rsync, the attack is the equivalent of the user closing the socket
|
|
themselves.
|
|
|
|
CVE: CVE-2026-41035
|
|
Upstream-Status: Backport [https://github.com/RsyncProject/rsync/commit/bb0a8118c2d2ab01140bac5e4e327e5e1ef90c9c]
|
|
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
|
---
|
|
xattrs.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/xattrs.c b/xattrs.c
|
|
index 26e50a6..65166ee 100644
|
|
--- a/xattrs.c
|
|
+++ b/xattrs.c
|
|
@@ -860,8 +860,8 @@ void receive_xattr(int f, struct file_struct *file)
|
|
rxa->num = num;
|
|
}
|
|
|
|
- if (need_sort && count > 1)
|
|
- qsort(temp_xattr.items, count, sizeof (rsync_xa), rsync_xal_compare_names);
|
|
+ if (need_sort && temp_xattr.count > 1)
|
|
+ qsort(temp_xattr.items, temp_xattr.count, sizeof (rsync_xa), rsync_xal_compare_names);
|
|
|
|
ndx = rsync_xal_store(&temp_xattr); /* adds item to rsync_xal_l */
|
|
|
|
--
|
|
2.50.1
|
|
|