rsync: fix CVE-2017-17433 and CVE-2017-17434

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2026-01-09 19:31:21 +00:00 · 2017-12-30 13:33:40 +02:00
parent f0cef0a021
commit c2d1405919
4 changed files with 86 additions and 1 deletions
--- a/net/rsync/patches/012-check-fname-in-recv_files-sooner.patch
+++ b/net/rsync/patches/012-check-fname-in-recv_files-sooner.patch
@@ -0,0 +1,36 @@
+commit 3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
+Author: Jeriko One <jeriko.one@gmx.us>
+Date:   Thu Nov 2 23:44:19 2017 -0700
+
+    Check fname in recv_files sooner.
+
+diff --git a/receiver.c b/receiver.c
+index baae3a9..9fdafa1 100644
+--- a/receiver.c
+++ b/receiver.c
+@@ -574,6 +574,12 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 			file = dir_flist->files[cur_flist->parent_ndx];
+ 		fname = local_name ? local_name : f_name(file, fbuf);
+ 
+		if (daemon_filter_list.head
+		    && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+			rprintf(FERROR, "attempt to hack rsync failed.\n");
+			exit_cleanup(RERR_PROTOCOL);
+		}
+
+ 		if (DEBUG_GTE(RECV, 1))
+ 			rprintf(FINFO, "recv_files(%s)\n", fname);
+ 
+@@ -645,12 +651,6 @@ int recv_files(int f_in, int f_out, char *local_name)
+ 
+ 		cleanup_got_literal = 0;
+ 
+-		if (daemon_filter_list.head
+-		    && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) {
+-			rprintf(FERROR, "attempt to hack rsync failed.\n");
+-			exit_cleanup(RERR_PROTOCOL);
+-		}
+-
+ 		if (read_batch) {
+ 			int wanted = redoing
+ 				   ? we_want_redo(ndx)