mirror of
https://git.yoctoproject.org/git/poky
synced 2026-01-01 13:58:04 +00:00
997f8de24c
Fix an out-of-bounds read triggered by a malicious rsync client acting as a receiver. The issue can be exploited with read access to an rsync module. CVE: CVE-2025-10158 (From OE-Core rev: 110933506d7a1177d1a074866d08fe0b0da612d7) Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech> Signed-off-by: Steve Sakoman <steve@sakoman.com>
37 lines
1.1 KiB
Diff
37 lines
1.1 KiB
Diff
From 797e17fc4a6f15e3b1756538a9f812b63942686f Mon Sep 17 00:00:00 2001
|
|
From: Andrew Tridgell <andrew@tridgell.net>
|
|
Date: Sat, 23 Aug 2025 17:26:53 +1000
|
|
Subject: [PATCH] fixed an invalid access to files array
|
|
|
|
|
|
this was found by Calum Hutton from Rapid7. It is a real bug, but
|
|
analysis shows it can't be leverged into an exploit. Worth fixing
|
|
though.
|
|
|
|
Many thanks to Calum and Rapid7 for finding and reporting this
|
|
|
|
CVE: CVE-2025-10158
|
|
Upstream-Status: Backport
|
|
[https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f]
|
|
Signed-off-by: Adarsh Jagadish Kamini<adarsh.jagadish.kamini@est.tech>
|
|
---
|
|
sender.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/sender.c b/sender.c
|
|
index 2bbff2fa..5528071e 100644
|
|
--- a/sender.c
|
|
+++ b/sender.c
|
|
@@ -262,6 +262,8 @@ void send_files(int f_in, int f_out)
|
|
|
|
if (ndx - cur_flist->ndx_start >= 0)
|
|
file = cur_flist->files[ndx - cur_flist->ndx_start];
|
|
+ else if (cur_flist->parent_ndx < 0)
|
|
+ exit_cleanup(RERR_PROTOCOL);
|
|
else
|
|
file = dir_flist->files[cur_flist->parent_ndx];
|
|
if (F_PATHNAME(file)) {
|
|
--
|
|
2.44.1
|
|
|