gentoo resync : 15.11.2017

author: V3n3RiX <venerix@redcorelinux.org> 2017-11-15 17:13:45 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2017-11-15 17:13:45 +0000
commit: e2d84e38284aeb9d522a7e935554340ddf0e4a6f (patch)
tree: 5a7444ee5f2af59431481999f729676090b1e0f3 /net-misc/rsync/files
parent: 519e4d5d99fc43d5c9a038098c029dc4ef9d6792 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/net-misc/rsync/files/rsync-3.1.2-CVE-2017-16548.patch b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-16548.patch
new file mode 100644
index 000000000000..d06607cf772c
--- /dev/null
+++ b/net-misc/rsync/files/rsync-3.1.2-CVE-2017-16548.patch
@@ -0,0 +1,17 @@
+X-Git-Url: https://git.samba.org/rsync.git/?p=rsync.git;a=blobdiff_plain;f=xattrs.c;h=4867e6f5b8ad2934d43b06f3b99b7b3690a6dc7a;hp=68305d7559b34f5cc2f196b74429b82fa6ff49dd;hb=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1;hpb=bc112b0e7feece62ce98708092306639a8a53cce
+
+diff --git a/xattrs.c b/xattrs.c
+index 68305d7..4867e6f 100644
+--- a/xattrs.c
++++ b/xattrs.c
+@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file)
+ 			out_of_memory("receive_xattr");
+ 		name = ptr + dget_len + extra_len;
+ 		read_buf(f, name, name_len);
++		if (name_len < 1 || name[name_len-1] != '\0') {
++			rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n");
++			exit_cleanup(RERR_FILEIO);
++		}
+ 		if (dget_len == datum_len)
+ 			read_buf(f, ptr, dget_len);
+ 		else {
author	V3n3RiX <venerix@redcorelinux.org>	2017-11-15 17:13:45 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2017-11-15 17:13:45 +0000
commit	e2d84e38284aeb9d522a7e935554340ddf0e4a6f (patch)
tree	5a7444ee5f2af59431481999f729676090b1e0f3 /net-misc/rsync/files
parent	519e4d5d99fc43d5c9a038098c029dc4ef9d6792 (diff)