Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
rsync
rsync-3.1.0-CVE-2018-5764.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File rsync-3.1.0-CVE-2018-5764.patch of Package rsync
From 7706303828fcde524222babb2833864a4bd09e07 Mon Sep 17 00:00:00 2001 From: Jeriko One <jeriko.one@gmx.us> Date: Mon, 20 Nov 2017 14:42:30 -0800 Subject: [PATCH 1/1] Ignore --protect-args when already sent by client In parse_arguments when --protect-args is encountered the function exits early. The caller is expected to check protect_args, and recall parse_arguments setting protect_args to 2. This patch prevents the client from resetting protect_args during the second pass of parse_arguments. This prevents parse_arguments returning early the second time before it's able to sanitize the arguments it received. --- options.c | 5 +++++ 1 file changed, 5 insertions(+) Index: rsync-3.1.0/options.c =================================================================== --- rsync-3.1.0.orig/options.c +++ rsync-3.1.0/options.c @@ -1302,6 +1302,7 @@ int parse_arguments(int *argc_p, const c const char *arg, **argv = *argv_p; int argc = *argc_p; int opt; + int orig_protect_args = protect_args; if (ref && *ref) set_refuse_options(ref); @@ -1925,6 +1926,10 @@ int parse_arguments(int *argc_p, const c if (fuzzy_basis > 1) fuzzy_basis = basis_dir_cnt + 1; + /* Don't let the client reset protect_args if it was already processed */ + if (orig_protect_args == 2 && am_server) + protect_args = orig_protect_args; + if (protect_args == 1 && am_server) return 1;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor