mirror of
https://git.yoctoproject.org/git/poky
synced 2026-01-01 13:58:04 +00:00
652e8fc3b9
CVE-2025-10158:
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-10158]
Upstream patch:
[797e17fc4a]
(From OE-Core rev: fe4bea86b27551edbe7440ff47041b6d45b2f4e1)
Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
37 lines
1.1 KiB
Diff
37 lines
1.1 KiB
Diff
From a8fabf850c3c5164520c307199e9abc5ded45e4c Mon Sep 17 00:00:00 2001
|
|
From: Andrew Tridgell <andrew@tridgell.net>
|
|
Date: Sat, 23 Aug 2025 17:26:53 +1000
|
|
Subject: [PATCH] fixed an invalid access to files array
|
|
|
|
this was found by Calum Hutton from Rapid7. It is a real bug, but
|
|
analysis shows it can't be leverged into an exploit. Worth fixing
|
|
though.
|
|
|
|
Many thanks to Calum and Rapid7 for finding and reporting this
|
|
|
|
CVE: CVE-2025-10158
|
|
|
|
Upstream-Status: Backport [https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f]
|
|
|
|
Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
|
|
---
|
|
sender.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/sender.c b/sender.c
|
|
index a4d46c39..b1588b70 100644
|
|
--- a/sender.c
|
|
+++ b/sender.c
|
|
@@ -262,6 +262,8 @@ void send_files(int f_in, int f_out)
|
|
|
|
if (ndx - cur_flist->ndx_start >= 0)
|
|
file = cur_flist->files[ndx - cur_flist->ndx_start];
|
|
+ else if (cur_flist->parent_ndx < 0)
|
|
+ exit_cleanup(RERR_PROTOCOL);
|
|
else
|
|
file = dir_flist->files[cur_flist->parent_ndx];
|
|
if (F_PATHNAME(file)) {
|
|
--
|
|
2.35.5
|
|
|