From: Archana Polampalli <archana.polampa...@windriver.com>

A flaw was found in the rsync daemon which could be triggered when rsync
compares file checksums. This flaw allows an attacker to manipulate the
checksum length (s2length) to cause a comparison between a checksum and
uninitialized memory and leak one byte of uninitialized stack data at a time.

Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com>
---
 .../rsync/files/CVE-2024-12085.patch          | 32 +++++++++++++++++++
 meta/recipes-devtools/rsync/rsync_3.2.7.bb    |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta/recipes-devtools/rsync/files/CVE-2024-12085.patch

diff --git a/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch 
b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
new file mode 100644
index 0000000000..165d5a62f9
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/CVE-2024-12085.patch
@@ -0,0 +1,32 @@
+From 589b0691e59f761ccb05ddb8e1124991440db2c7 Mon Sep 17 00:00:00 2001
+From: Andrew Tridgell <and...@tridgell.net>
+Date: Thu, 14 Nov 2024 09:57:08 +1100
+Subject: [PATCH] prevent information leak off the stack
+
+prevent leak of uninitialised stack data in hash_search
+
+CVE: CVE-2024-12085
+
+Upstream-Status: Backport 
[https://git.samba.org/?p=rsync.git;a=commit;h=589b0691e59f761ccb05ddb8e1124991440db2c7]
+
+Signed-off-by: Archana Polampalli <archana.polampa...@windriver.com>
+---
+ match.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/match.c b/match.c
+index 36e78ed2..dfd6af2c 100644
+--- a/match.c
++++ b/match.c
+@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s,
+       int more;
+       schar *map;
+
++      // prevent possible memory leaks
++      memset(sum2, 0, sizeof sum2);
++
+       /* want_i is used to encourage adjacent matches, allowing the RLL
+        * coding of the output to work more efficiently. */
+       want_i = 0;
+--
+2.40.0
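
Review bot: The memset added at the top of hash_search zeroes sum2, but nothing in this hunk bounds s2length, so a comparison that runs past the bytes actually computed into sum2 reads zeros rather than stack residue. Please state in the patch header or the commit message whether the length itself is validated elsewhere, for example by the CVE-2024-12084 patches already listed in SRC_URI. Minor: the added comment `// prevent possible memory leaks` names a different bug class from the subject line, which describes an information leak off the stack; as this is a verbatim backport the hunk should stay as upstream has it.
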
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb 
b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 2f3ea61978..0d9c68a915 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -17,6 +17,7 @@ SRC_URI = 
"https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
            file://0001-Add-missing-prototypes-to-function-declarations.patch \
            file://CVE-2024-12084-0001.patch \
            file://CVE-2024-12084-0002.patch \
+           file://CVE-2024-12085.patch \
            "
 SRC_URI[sha256sum] = 
"4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
 
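
Review bot: The new SRC_URI entry `file://CVE-2024-12085.patch` is applied after CVE-2024-12084-0001.patch and CVE-2024-12084-0002.patch, while the backported hunk carries upstream context around match.c line 147. Please confirm that it applies to the 3.2.7 sources on top of those two patches without fuzz or offset, and refresh the patch if it does not.
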
-- 
2.40.0
