diff options
Diffstat (limited to 'net/rsync/files/patch-CVE-2017-17433')
-rw-r--r-- | net/rsync/files/patch-CVE-2017-17433 | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/net/rsync/files/patch-CVE-2017-17433 b/net/rsync/files/patch-CVE-2017-17433 new file mode 100644 index 000000000000..1b69cf6600dd --- /dev/null +++ b/net/rsync/files/patch-CVE-2017-17433 @@ -0,0 +1,44 @@ +From: Jeriko One <jeriko.one@gmx.us> +Date: Thu, 2 Nov 2017 23:44:19 -0700 +Subject: Check fname in recv_files sooner. +Origin: https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51 +Bug-Debian: https://bugs.debian.org/883667 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17433 + +--- + receiver.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/receiver.c b/receiver.c +index baae3a91..9fdafa15 100644 +--- a/receiver.c ++++ b/receiver.c +@@ -574,6 +574,12 @@ int recv_files(int f_in, int f_out, char *local_name) + file = dir_flist->files[cur_flist->parent_ndx]; + fname = local_name ? local_name : f_name(file, fbuf); + ++ if (daemon_filter_list.head ++ && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { ++ rprintf(FERROR, "attempt to hack rsync failed.\n"); ++ exit_cleanup(RERR_PROTOCOL); ++ } ++ + if (DEBUG_GTE(RECV, 1)) + rprintf(FINFO, "recv_files(%s)\n", fname); + +@@ -645,12 +651,6 @@ int recv_files(int f_in, int f_out, char *local_name) + + cleanup_got_literal = 0; + +- if (daemon_filter_list.head +- && check_filter(&daemon_filter_list, FLOG, fname, 0) < 0) { +- rprintf(FERROR, "attempt to hack rsync failed.\n"); +- exit_cleanup(RERR_PROTOCOL); +- } +- + if (read_batch) { + int wanted = redoing + ? we_want_redo(ndx) +-- +2.15.1 + |