ports/core (2.3): [notify] rsync: fix for CVE-2007-4091

crux at crux.nu crux at crux.nu
Fri Aug 24 06:33:59 UTC 2007


commit 4222576ab7fac83dd98447a2f9efb0fe7b9bc272
Author: Juergen Daubert <jue at jue.li>
Date:   Fri Aug 24 08:33:40 2007 +0200

    [notify] rsync: fix for CVE-2007-4091
    
    http://www.securityfocus.com/bid/25336
    http://c-skills.blogspot.com/2007/08/cve-2007-4091.html

diff --git a/rsync/.md5sum b/rsync/.md5sum
index 5eeb02b..651c4f0 100644
--- a/rsync/.md5sum
+++ b/rsync/.md5sum
@@ -1,3 +1,4 @@
+46fcea1ac64c9e075d0338f8e35b1af6  rsync-2.6.9-fname-obo.diff
 996d8d8831dbca17910094e56dcb5942  rsync-2.6.9.tar.gz
 f8dcfe5cf2afef1ea90107a6ff4540cd  rsync.driver
 a71995f22768c931c5649a1336d25ffb  rsyncd
diff --git a/rsync/Pkgfile b/rsync/Pkgfile
index 5bac4bd..39a8c5b 100644
--- a/rsync/Pkgfile
+++ b/rsync/Pkgfile
@@ -5,18 +5,22 @@
 
 name=rsync
 version=2.6.9
-release=1
+release=2
 source=(http://rsync.samba.org/ftp/$name/$name-$version.tar.gz \
-        rsyncd.conf rsyncd rsync.driver)
+        rsyncd.conf rsyncd rsync.driver \
+        $name-$version-fname-obo.diff)
 
 build () {
     cd $name-$version
+
+    patch -p1 -i $SRC/$name-$version-fname-obo.diff
+
     ./configure --prefix=/usr \
                 --mandir=/usr/man \
                 --with-rsh=ssh
     make
     make DESTDIR=$PKG install
-    
+
     mkdir -p $PKG/etc/{rc.d,ports/drivers} $PKG/var/log
     install -m 755 $SRC/rsyncd $PKG/etc/rc.d
     install -m 644 $SRC/rsyncd.conf $PKG/etc
diff --git a/rsync/rsync-2.6.9-fname-obo.diff b/rsync/rsync-2.6.9-fname-obo.diff
new file mode 100644
index 0000000..2fa0113
--- /dev/null
+++ b/rsync/rsync-2.6.9-fname-obo.diff
@@ -0,0 +1,60 @@
+--- rsync-2.6.9.orig/sender.c	2006-09-20 03:53:32.000000000 +0200
++++ rsync-2.6.9/sender.c	2007-07-25 15:33:05.000000000 +0200
+@@ -123,6 +123,7 @@
+ 	char fname[MAXPATHLEN];
+ 	struct file_struct *file;
+ 	unsigned int offset;
++	size_t l = 0;
+ 
+ 	if (ndx < 0 || ndx >= the_file_list->count)
+ 		return;
+@@ -133,6 +134,20 @@
+ 				    file->dir.root, "/", NULL);
+ 	} else
+ 		offset = 0;
++
++	l = offset + 1;
++	if (file) {
++		if (file->dirname)
++			l += strlen(file->dirname);
++		if (file->basename)
++			l += strlen(file->basename);
++	}
++
++	if (l >= sizeof(fname)) {
++		rprintf(FERROR, "Overlong pathname\n");
++		exit_cleanup(RERR_FILESELECT);
++	}
++
+ 	f_name(file, fname + offset);
+ 	if (remove_source_files) {
+ 		if (do_unlink(fname) == 0) {
+@@ -224,6 +239,7 @@
+ 	enum logcode log_code = log_before_transfer ? FLOG : FINFO;
+ 	int f_xfer = write_batch < 0 ? batch_fd : f_out;
+ 	int i, j;
++	size_t l = 0;
+ 
+ 	if (verbose > 2)
+ 		rprintf(FINFO, "send_files starting\n");
+@@ -259,6 +275,20 @@
+ 				fname[offset++] = '/';
+ 		} else
+ 			offset = 0;
++
++		l = offset + 1;
++		if (file) {
++			if (file->dirname)
++				l += strlen(file->dirname);
++			if (file->basename)
++				l += strlen(file->basename);
++		}
++
++		if (l >= sizeof(fname)) {
++			rprintf(FERROR, "Overlong pathname\n");
++			exit_cleanup(RERR_FILESELECT);
++		}
++
+ 		fname2 = f_name(file, fname + offset);
+ 
+ 		if (verbose > 2)



More information about the CRUX mailing list