File rsync-equivalent_of_CVE-2014-8242.patch of Package rsync

Overview Repositories Revisions Requests Users Attributes Meta

File rsync-equivalent_of_CVE-2014-8242.patch of Package rsync

From eac858085e3ac94ec0ab5061d11f52652c90a869 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayned@samba.org>
Date: Mon, 11 May 2015 12:36:20 -0700
Subject: [PATCH] Add compat flag to allow proper seed checksum order. Fixes
 the equivalent of librsync's CVE-2014-8242 issue.

---
 checksum.c | 17 +++++++++++++----
 compat.c   |  5 +++++
 options.c  |  1 +
 3 files changed, 19 insertions(+), 4 deletions(-)

Index: rsync-3.1.0/checksum.c
===================================================================
--- rsync-3.1.0.orig/checksum.c	2015-10-07 15:26:37.725611538 +0200
+++ rsync-3.1.0/checksum.c	2015-10-07 15:26:38.822626286 +0200
@@ -23,6 +23,7 @@
 
 extern int checksum_seed;
 extern int protocol_version;
+extern int proper_seed_order;
 
 /*
   a simple 32 bit checksum that can be upadted from either end
@@ -54,10 +55,18 @@ void get_checksum2(char *buf, int32 len,
 	if (protocol_version >= 30) {
 		uchar seedbuf[4];
 		md5_begin(&m);
-		md5_update(&m, (uchar *)buf, len);
-		if (checksum_seed) {
-			SIVALu(seedbuf, 0, checksum_seed);
-			md5_update(&m, seedbuf, 4);
+		if (proper_seed_order) {
+			if (checksum_seed) {
+				SIVALu(seedbuf, 0, checksum_seed);
+				md5_update(&m, seedbuf, 4);
+			}
+			md5_update(&m, (uchar *)buf, len);
+		} else {
+			md5_update(&m, (uchar *)buf, len);
+			if (checksum_seed) {
+				SIVALu(seedbuf, 0, checksum_seed);
+				md5_update(&m, seedbuf, 4);
+			}
 		}
 		md5_result(&m, (uchar *)sum);
 	} else {
Index: rsync-3.1.0/compat.c
===================================================================
--- rsync-3.1.0.orig/compat.c	2015-10-07 15:26:38.822626286 +0200
+++ rsync-3.1.0/compat.c	2015-10-07 15:28:45.553329106 +0200
@@ -26,6 +26,7 @@ int file_extra_cnt = 0; /* count of file
 int inc_recurse = 0;
 int compat_flags = 0;
 int use_safe_inc_flist = 0;
+int proper_seed_order = 0;
 
 extern int am_server;
 extern int am_sender;
@@ -76,6 +77,7 @@ int filesfrom_convert = 0;
 #define CF_SYMLINK_TIMES (1<<1)
 #define CF_SYMLINK_ICONV (1<<2)
 #define CF_SAFE_FLIST	 (1<<3)
+#define CF_CHKSUM_SEED_FIX (1<<5)
 
 static const char *client_info;
 
@@ -253,11 +255,14 @@ void setup_protocol(int f_out,int f_in)
 #endif
 			if (local_server || strchr(client_info, 'f') != NULL)
 				compat_flags |= CF_SAFE_FLIST;
+			if (local_server || strchr(client_info, 'C') != NULL)
+				compat_flags |= CF_CHKSUM_SEED_FIX;
 			write_byte(f_out, compat_flags);
 		} else
 			compat_flags = read_byte(f_in);
 		/* The inc_recurse var MUST be set to 0 or 1. */
 		inc_recurse = compat_flags & CF_INC_RECURSE ? 1 : 0;
+		proper_seed_order = compat_flags & CF_CHKSUM_SEED_FIX ? 1 : 0;
 		if (am_sender) {
 			receiver_symlink_times = am_server
 			    ? strchr(client_info, 'L') != NULL
Index: rsync-3.1.0/options.c
===================================================================
--- rsync-3.1.0.orig/options.c	2015-10-07 15:26:38.823626300 +0200
+++ rsync-3.1.0/options.c	2015-10-07 15:30:33.161773618 +0200
@@ -2481,6 +2481,7 @@ void server_options(char **args, int *ar
 #ifdef ICONV_OPTION
 		argstr[x++] = 's';
 #endif
+		argstr[x++] = 'C'; /* support checksum seed order fix */
 	}
 
 	if (x >= (int)sizeof argstr) { /* Not possible... */

Places

File rsync-equivalent_of_CVE-2014-8242.patch of Package rsync

Places