[PATCH 0/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091

[PATCH 0/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091

[Dexuan Cui]

From: Dexuan Cui <dexuan.cui@intel.com>

The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091

Pull URL: git://git.pokylinux.org/poky-contrib.git
  Branch: dcui/master
  Browse: http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=dcui/master

Thanks,
    Dexuan Cui <dexuan.cui@intel.com>
---


Dexuan Cui (1):
  rsync (GPLv2):  fix security vulnerability CVE-2007-4091

 .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch  |   70 ++++++++++++++++++++
 meta/recipes-devtools/rsync/rsync_2.6.9.bb         |    3 +-
 2 files changed, 72 insertions(+), 1 deletions(-)
 create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch

-- 
1.7.2

[PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091

[Dexuan Cui]

From: Dexuan Cui <dexuan.cui@intel.com>

Added a patch to fix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
---
 .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch  |   70 ++++++++++++++++++++
 meta/recipes-devtools/rsync/rsync_2.6.9.bb         |    3 +-
 2 files changed, 72 insertions(+), 1 deletions(-)
 create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch

diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
new file mode 100644
index 0000000..f054452
--- /dev/null
+++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
@@ -0,0 +1,70 @@
+Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
+
+The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
+address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
+
+Date:   Tue May 10 10:07:36 2011 +0800
+Dexuan Cui <dexuan.cui@intel.com>
+
+diff --git a/sender.c b/sender.c
+index 6fcaa65..053a8f1 100644
+--- a/sender.c
++++ b/sender.c
+@@ -123,6 +123,7 @@ void successful_send(int ndx)
+ 	char fname[MAXPATHLEN];
+ 	struct file_struct *file;
+ 	unsigned int offset;
++	size_t l = 0;
+ 
+ 	if (ndx < 0 || ndx >= the_file_list->count)
+ 		return;
+@@ -133,6 +134,20 @@ void successful_send(int ndx)
+ 				    file->dir.root, "/", NULL);
+ 	} else
+ 		offset = 0;
++
++	l = offset + 1;
++	if (file) {
++		if (file->dirname)
++			l += strlen(file->dirname);
++		if (file->basename)
++			l += strlen(file->basename);
++	}
++
++	if (l >= sizeof(fname)) {
++		rprintf(FERROR, "Overlong pathname\n");
++		exit_cleanup(RERR_FILESELECT);
++	}
++
+ 	f_name(file, fname + offset);
+ 	if (remove_source_files) {
+ 		if (do_unlink(fname) == 0) {
+@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
+ 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
+ 	int f_xfer = write_batch < 0 ? batch_fd : f_out;
+ 	int i, j;
++	size_t l = 0;
+ 
+ 	if (verbose > 2)
+ 		rprintf(FINFO, "send_files starting\n");
+@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
+ 				fname[offset++] = '/';
+ 		} else
+ 			offset = 0;
++
++		l = offset + 1;
++		if (file) {
++			if (file->dirname)
++				l += strlen(file->dirname);
++			if (file->basename)
++				l += strlen(file->basename);
++		}
++
++		if (l >= sizeof(fname)) {
++			rprintf(FERROR, "Overlong pathname\n");
++			exit_cleanup(RERR_FILESELECT);
++		}
++
+ 		fname2 = f_name(file, fname + offset);
+ 
+ 		if (verbose > 2)
diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
index 4337982..17c18a4 100644
--- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
+++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
@@ -8,6 +8,7 @@ PRIORITY = "optional"
 DEPENDS = "popt"
 
 SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
+           file://rsync-2.6.9-fname-obo.patch \
            file://rsyncd.conf"
 
 inherit autotools
@@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"
 
-PR = "r2"
+PR = "r3"
-- 
1.7.2

Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091

[Saul Wold]

On 05/09/2011 07:54 PM, Dexuan Cui wrote:
> From: Dexuan Cui<dexuan.cui@intel.com>
>
> Added a patch to fix
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>
This is missing a [YOCTO #bugid], please add and resend. (update branch 
is OK).

Sau!

> Signed-off-by: Dexuan Cui<dexuan.cui@intel.com>
> ---
>   .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch  |   70 ++++++++++++++++++++
>   meta/recipes-devtools/rsync/rsync_2.6.9.bb         |    3 +-
>   2 files changed, 72 insertions(+), 1 deletions(-)
>   create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>
> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
> new file mode 100644
> index 0000000..f054452
> --- /dev/null
> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
> @@ -0,0 +1,70 @@
> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
> +
> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
> +
> +Date:   Tue May 10 10:07:36 2011 +0800
> +Dexuan Cui<dexuan.cui@intel.com>
> +
> +diff --git a/sender.c b/sender.c
> +index 6fcaa65..053a8f1 100644
> +--- a/sender.c
> ++++ b/sender.c
> +@@ -123,6 +123,7 @@ void successful_send(int ndx)
> + 	char fname[MAXPATHLEN];
> + 	struct file_struct *file;
> + 	unsigned int offset;
> ++	size_t l = 0;
> +
> + 	if (ndx<  0 || ndx>= the_file_list->count)
> + 		return;
> +@@ -133,6 +134,20 @@ void successful_send(int ndx)
> + 				    file->dir.root, "/", NULL);
> + 	} else
> + 		offset = 0;
> ++
> ++	l = offset + 1;
> ++	if (file) {
> ++		if (file->dirname)
> ++			l += strlen(file->dirname);
> ++		if (file->basename)
> ++			l += strlen(file->basename);
> ++	}
> ++
> ++	if (l>= sizeof(fname)) {
> ++		rprintf(FERROR, "Overlong pathname\n");
> ++		exit_cleanup(RERR_FILESELECT);
> ++	}
> ++
> + 	f_name(file, fname + offset);
> + 	if (remove_source_files) {
> + 		if (do_unlink(fname) == 0) {
> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
> + 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
> + 	int f_xfer = write_batch<  0 ? batch_fd : f_out;
> + 	int i, j;
> ++	size_t l = 0;
> +
> + 	if (verbose>  2)
> + 		rprintf(FINFO, "send_files starting\n");
> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
> + 				fname[offset++] = '/';
> + 		} else
> + 			offset = 0;
> ++
> ++		l = offset + 1;
> ++		if (file) {
> ++			if (file->dirname)
> ++				l += strlen(file->dirname);
> ++			if (file->basename)
> ++				l += strlen(file->basename);
> ++		}
> ++
> ++		if (l>= sizeof(fname)) {
> ++			rprintf(FERROR, "Overlong pathname\n");
> ++			exit_cleanup(RERR_FILESELECT);
> ++		}
> ++
> + 		fname2 = f_name(file, fname + offset);
> +
> + 		if (verbose>  2)
> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> index 4337982..17c18a4 100644
> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> @@ -8,6 +8,7 @@ PRIORITY = "optional"
>   DEPENDS = "popt"
>
>   SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
> +           file://rsync-2.6.9-fname-obo.patch \
>              file://rsyncd.conf"
>
>   inherit autotools
> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'
>   LICENSE = "GPLv2+"
>   LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"
>
> -PR = "r2"
> +PR = "r3"

Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091

[He, Qing]

>-----Original Message-----
>From: openembedded-core-bounces@lists.openembedded.org
>[mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf Of Saul
>Wold
>Sent: 2011年5月10日 13:02
>To: Patches and discussions about the oe-core layer
>Subject: Re: [OE-core] [PATCH 1/1] rsync (GPLv2): fix security vulnerability
>CVE-2007-4091
>
>On 05/09/2011 07:54 PM, Dexuan Cui wrote:
>> From: Dexuan Cui<dexuan.cui@intel.com>
>>
>> Added a patch to fix
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>>
>This is missing a [YOCTO #bugid], please add and resend. (update branch
>is OK).

Saul,
	Before the other two CVEs are specifically addressed, I don't think we can call a close on this bug.

Thanks,
Qing

>
>Sau!
>
>> Signed-off-by: Dexuan Cui<dexuan.cui@intel.com>
>> ---
>>   .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch  |   70
>++++++++++++++++++++
>>   meta/recipes-devtools/rsync/rsync_2.6.9.bb         |    3 +-
>>   2 files changed, 72 insertions(+), 1 deletions(-)
>>   create mode 100644
>meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>>
>> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>> new file mode 100644
>> index 0000000..f054452
>> --- /dev/null
>> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>> @@ -0,0 +1,70 @@
>> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
>> +
>> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
>> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>> +
>> +Date:   Tue May 10 10:07:36 2011 +0800
>> +Dexuan Cui<dexuan.cui@intel.com>
>> +
>> +diff --git a/sender.c b/sender.c
>> +index 6fcaa65..053a8f1 100644
>> +--- a/sender.c
>> ++++ b/sender.c
>> +@@ -123,6 +123,7 @@ void successful_send(int ndx)
>> + 	char fname[MAXPATHLEN];
>> + 	struct file_struct *file;
>> + 	unsigned int offset;
>> ++	size_t l = 0;
>> +
>> + 	if (ndx<  0 || ndx>= the_file_list->count)
>> + 		return;
>> +@@ -133,6 +134,20 @@ void successful_send(int ndx)
>> + 				    file->dir.root, "/", NULL);
>> + 	} else
>> + 		offset = 0;
>> ++
>> ++	l = offset + 1;
>> ++	if (file) {
>> ++		if (file->dirname)
>> ++			l += strlen(file->dirname);
>> ++		if (file->basename)
>> ++			l += strlen(file->basename);
>> ++	}
>> ++
>> ++	if (l>= sizeof(fname)) {
>> ++		rprintf(FERROR, "Overlong pathname\n");
>> ++		exit_cleanup(RERR_FILESELECT);
>> ++	}
>> ++
>> + 	f_name(file, fname + offset);
>> + 	if (remove_source_files) {
>> + 		if (do_unlink(fname) == 0) {
>> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
>> + 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
>> + 	int f_xfer = write_batch<  0 ? batch_fd : f_out;
>> + 	int i, j;
>> ++	size_t l = 0;
>> +
>> + 	if (verbose>  2)
>> + 		rprintf(FINFO, "send_files starting\n");
>> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
>> + 				fname[offset++] = '/';
>> + 		} else
>> + 			offset = 0;
>> ++
>> ++		l = offset + 1;
>> ++		if (file) {
>> ++			if (file->dirname)
>> ++				l += strlen(file->dirname);
>> ++			if (file->basename)
>> ++				l += strlen(file->basename);
>> ++		}
>> ++
>> ++		if (l>= sizeof(fname)) {
>> ++			rprintf(FERROR, "Overlong pathname\n");
>> ++			exit_cleanup(RERR_FILESELECT);
>> ++		}
>> ++
>> + 		fname2 = f_name(file, fname + offset);
>> +
>> + 		if (verbose>  2)
>> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
>b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
>> index 4337982..17c18a4 100644
>> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
>> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
>> @@ -8,6 +8,7 @@ PRIORITY = "optional"
>>   DEPENDS = "popt"
>>
>>   SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
>> +           file://rsync-2.6.9-fname-obo.patch \
>>              file://rsyncd.conf"
>>
>>   inherit autotools
>> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'
>>   LICENSE = "GPLv2+"
>>   LIC_FILES_CHKSUM =
>"file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"
>>
>> -PR = "r2"
>> +PR = "r3"
>
>_______________________________________________
>Openembedded-core mailing list
>Openembedded-core@lists.openembedded.org
>http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091

[Saul Wold]

On 05/09/2011 10:03 PM, He, Qing wrote:
>> -----Original Message-----
>> From: openembedded-core-bounces@lists.openembedded.org
>> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf Of Saul
>> Wold
>> Sent: 2011年5月10日 13:02
>> To: Patches and discussions about the oe-core layer
>> Subject: Re: [OE-core] [PATCH 1/1] rsync (GPLv2): fix security vulnerability
>> CVE-2007-4091
>>
>> On 05/09/2011 07:54 PM, Dexuan Cui wrote:
>>> From: Dexuan Cui<dexuan.cui@intel.com>
>>>
>>> Added a patch to fix
>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>>>
>> This is missing a [YOCTO #bugid], please add and resend. (update branch
>> is OK).
> 
> Saul,
> 	Before the other two CVEs are specifically addressed, I don't think we can call a close on this bug.
> 
Yes, that's true, but it's important to know that this patch addresses a
part of that bug.

Sau!

> Thanks,
> Qing
> 
>>
>> Sau!
>>
>>> Signed-off-by: Dexuan Cui<dexuan.cui@intel.com>
>>> ---
>>>    .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch  |   70
>> ++++++++++++++++++++
>>>    meta/recipes-devtools/rsync/rsync_2.6.9.bb         |    3 +-
>>>    2 files changed, 72 insertions(+), 1 deletions(-)
>>>    create mode 100644
>> meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>>>
>>> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>> b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>>> new file mode 100644
>>> index 0000000..f054452
>>> --- /dev/null
>>> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>>> @@ -0,0 +1,70 @@
>>> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
>>> +
>>> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
>>> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>>> +
>>> +Date:   Tue May 10 10:07:36 2011 +0800
>>> +Dexuan Cui<dexuan.cui@intel.com>
>>> +
>>> +diff --git a/sender.c b/sender.c
>>> +index 6fcaa65..053a8f1 100644
>>> +--- a/sender.c
>>> ++++ b/sender.c
>>> +@@ -123,6 +123,7 @@ void successful_send(int ndx)
>>> + 	char fname[MAXPATHLEN];
>>> + 	struct file_struct *file;
>>> + 	unsigned int offset;
>>> ++	size_t l = 0;
>>> +
>>> + 	if (ndx<   0 || ndx>= the_file_list->count)
>>> + 		return;
>>> +@@ -133,6 +134,20 @@ void successful_send(int ndx)
>>> + 				    file->dir.root, "/", NULL);
>>> + 	} else
>>> + 		offset = 0;
>>> ++
>>> ++	l = offset + 1;
>>> ++	if (file) {
>>> ++		if (file->dirname)
>>> ++			l += strlen(file->dirname);
>>> ++		if (file->basename)
>>> ++			l += strlen(file->basename);
>>> ++	}
>>> ++
>>> ++	if (l>= sizeof(fname)) {
>>> ++		rprintf(FERROR, "Overlong pathname\n");
>>> ++		exit_cleanup(RERR_FILESELECT);
>>> ++	}
>>> ++
>>> + 	f_name(file, fname + offset);
>>> + 	if (remove_source_files) {
>>> + 		if (do_unlink(fname) == 0) {
>>> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
>>> + 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
>>> + 	int f_xfer = write_batch<   0 ? batch_fd : f_out;
>>> + 	int i, j;
>>> ++	size_t l = 0;
>>> +
>>> + 	if (verbose>   2)
>>> + 		rprintf(FINFO, "send_files starting\n");
>>> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
>>> + 				fname[offset++] = '/';
>>> + 		} else
>>> + 			offset = 0;
>>> ++
>>> ++		l = offset + 1;
>>> ++		if (file) {
>>> ++			if (file->dirname)
>>> ++				l += strlen(file->dirname);
>>> ++			if (file->basename)
>>> ++				l += strlen(file->basename);
>>> ++		}
>>> ++
>>> ++		if (l>= sizeof(fname)) {
>>> ++			rprintf(FERROR, "Overlong pathname\n");
>>> ++			exit_cleanup(RERR_FILESELECT);
>>> ++		}
>>> ++
>>> + 		fname2 = f_name(file, fname + offset);
>>> +
>>> + 		if (verbose>   2)
>>> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
>> b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
>>> index 4337982..17c18a4 100644
>>> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
>>> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
>>> @@ -8,6 +8,7 @@ PRIORITY = "optional"
>>>    DEPENDS = "popt"
>>>
>>>    SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
>>> +           file://rsync-2.6.9-fname-obo.patch \
>>>               file://rsyncd.conf"
>>>
>>>    inherit autotools
>>> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'
>>>    LICENSE = "GPLv2+"
>>>    LIC_FILES_CHKSUM =
>> "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"
>>>
>>> -PR = "r2"
>>> +PR = "r3"
>>
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core

Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091

[Cui, Dexuan]

Saul Wold wrote:
> On 05/09/2011 10:03 PM, He, Qing wrote:
>>> -----Original Message-----
>>> From: openembedded-core-bounces@lists.openembedded.org
>>> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf
>>> Of Saul Wold Sent: 2011年5月10日 13:02
>>> To: Patches and discussions about the oe-core layer
>>> Subject: Re: [OE-core] [PATCH 1/1] rsync (GPLv2): fix security
>>> vulnerability CVE-2007-4091 
>>> 
>>> On 05/09/2011 07:54 PM, Dexuan Cui wrote:
>>>> From: Dexuan Cui<dexuan.cui@intel.com>
>>>> 
>>>> Added a patch to fix
>>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>>>> 
>>> This is missing a [YOCTO #bugid], please add and resend. (update
>>> branch 
>>> is OK).
>> 
>> Saul,
>> 	Before the other two CVEs are specifically addressed, I don't think
>> we can call a close on this bug. 
>> 
> Yes, that's true, but it's important to know that this patch
> addresses a part of that bug.
Hi Saul,
I added "[YOCTO #984] is partially fixed by this commit"  and did "git push" just now.
Please use the same branch 
http://git.pokylinux.org/cgit/cgit.cgi/poky-contrib/commit/?h=dcui/master&id=898ce2ddf774646796af5c8700130916afe6dbc1


Thanks,
-- Dexuan

Re: [PATCH 1/1] rsync (GPLv2): fix security vulnerability CVE-2007-4091

[Saul Wold]

On 05/09/2011 07:54 PM, Dexuan Cui wrote:
> From: Dexuan Cui<dexuan.cui@intel.com>
>
> Added a patch to fix
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
>
> Signed-off-by: Dexuan Cui<dexuan.cui@intel.com>
> ---
>   .../rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch  |   70 ++++++++++++++++++++
>   meta/recipes-devtools/rsync/rsync_2.6.9.bb         |    3 +-
>   2 files changed, 72 insertions(+), 1 deletions(-)
>   create mode 100644 meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
>
> diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
> new file mode 100644
> index 0000000..f054452
> --- /dev/null
> +++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
> @@ -0,0 +1,70 @@
> +Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
> +
> +The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
> +address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091
> +
> +Date:   Tue May 10 10:07:36 2011 +0800
> +Dexuan Cui<dexuan.cui@intel.com>
> +
> +diff --git a/sender.c b/sender.c
> +index 6fcaa65..053a8f1 100644
> +--- a/sender.c
> ++++ b/sender.c
> +@@ -123,6 +123,7 @@ void successful_send(int ndx)
> + 	char fname[MAXPATHLEN];
> + 	struct file_struct *file;
> + 	unsigned int offset;
> ++	size_t l = 0;
> +
> + 	if (ndx<  0 || ndx>= the_file_list->count)
> + 		return;
> +@@ -133,6 +134,20 @@ void successful_send(int ndx)
> + 				    file->dir.root, "/", NULL);
> + 	} else
> + 		offset = 0;
> ++
> ++	l = offset + 1;
> ++	if (file) {
> ++		if (file->dirname)
> ++			l += strlen(file->dirname);
> ++		if (file->basename)
> ++			l += strlen(file->basename);
> ++	}
> ++
> ++	if (l>= sizeof(fname)) {
> ++		rprintf(FERROR, "Overlong pathname\n");
> ++		exit_cleanup(RERR_FILESELECT);
> ++	}
> ++
> + 	f_name(file, fname + offset);
> + 	if (remove_source_files) {
> + 		if (do_unlink(fname) == 0) {
> +@@ -224,6 +239,7 @@ void send_files(struct file_list *flist, int f_out, int f_in)
> + 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
> + 	int f_xfer = write_batch<  0 ? batch_fd : f_out;
> + 	int i, j;
> ++	size_t l = 0;
> +
> + 	if (verbose>  2)
> + 		rprintf(FINFO, "send_files starting\n");
> +@@ -259,6 +275,20 @@ void send_files(struct file_list *flist, int f_out, int f_in)
> + 				fname[offset++] = '/';
> + 		} else
> + 			offset = 0;
> ++
> ++		l = offset + 1;
> ++		if (file) {
> ++			if (file->dirname)
> ++				l += strlen(file->dirname);
> ++			if (file->basename)
> ++				l += strlen(file->basename);
> ++		}
> ++
> ++		if (l>= sizeof(fname)) {
> ++			rprintf(FERROR, "Overlong pathname\n");
> ++			exit_cleanup(RERR_FILESELECT);
> ++		}
> ++
> + 		fname2 = f_name(file, fname + offset);
> +
> + 		if (verbose>  2)
> diff --git a/meta/recipes-devtools/rsync/rsync_2.6.9.bb b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> index 4337982..17c18a4 100644
> --- a/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> +++ b/meta/recipes-devtools/rsync/rsync_2.6.9.bb
> @@ -8,6 +8,7 @@ PRIORITY = "optional"
>   DEPENDS = "popt"
>
>   SRC_URI = "http://rsync.samba.org/ftp/rsync/src/rsync-${PV}.tar.gz \
> +           file://rsync-2.6.9-fname-obo.patch \
>              file://rsyncd.conf"
>
>   inherit autotools
> @@ -22,4 +23,4 @@ EXTRA_OEMAKE='STRIP=""'
>   LICENSE = "GPLv2+"
>   LIC_FILES_CHKSUM = "file://COPYING;md5=6d5a9d4c4d3af25cd68fd83e8a8cb09c"
>
> -PR = "r2"
> +PR = "r3"

Merged into oe-core and poky/master and staged for Bernard

Thanks
	Sau!