- CVE-2014-2855 fix

diff --git a/rsync-dos.patch b/rsync-dos.patch
new file mode 100644 (file)
index 0000000..b52d3d5
--- /dev/null
+++ b/rsync-dos.patch
@@ -0,0 +1,84 @@
+From 0dedfbce2c1b851684ba658861fe9d620636c56a Mon Sep 17 00:00:00 2001
+From: Wayne Davison <wayned@samba.org>
+Date: Sun, 13 Apr 2014 13:44:58 -0700
+Subject: [PATCH] Avoid infinite wait reading secrets file.
+
+---
+ authenticate.c |   24 +++++++++++++-----------
+ 1 files changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/authenticate.c b/authenticate.c
+index 3381b8c..c92746c 100644
+--- rsync/authenticate.c
++++ rsync/authenticate.c
+@@ -102,15 +102,16 @@ static const char *check_secret(int module, const char *user, const char *group,
+       char pass2[MAX_DIGEST_LEN*2];
+       const char *fname = lp_secrets_file(module);
+       STRUCT_STAT st;
+-      int fd, ok = 1;
++      int ok = 1;
+       int user_len = strlen(user);
+       int group_len = group ? strlen(group) : 0;
+       char *err;
++      FILE *fh;
+ 
+-      if (!fname || !*fname || (fd = open(fname, O_RDONLY)) < 0)
++      if (!fname || !*fname || (fh = fopen(fname, "r")) == NULL)
+               return "no secrets file";
+ 
+-      if (do_fstat(fd, &st) == -1) {
++      if (do_fstat(fileno(fh), &st) == -1) {
+               rsyserr(FLOG, errno, "fstat(%s)", fname);
+               ok = 0;
+       } else if (lp_strict_modes(module)) {
+@@ -123,29 +124,30 @@ static const char *check_secret(int module, const char *user, const char *group,
+               }
+       }
+       if (!ok) {
+-              close(fd);
++              fclose(fh);
+               return "ignoring secrets file";
+       }
+ 
+       if (*user == '#') {
+               /* Reject attempt to match a comment. */
+-              close(fd);
++              fclose(fh);
+               return "invalid username";
+       }
+ 
+       /* Try to find a line that starts with the user (or @group) name and a ':'. */
+       err = "secret not found";
+-      while ((user || group) && read_line_old(fd, line, sizeof line, 1)) {
+-              const char **ptr, *s;
++      while ((user || group) && fgets(line, sizeof line, fh) != NULL) {
++              const char **ptr, *s = strtok(line, "\n\r");
+               int len;
+-              if (*line == '@') {
++              if (!s)
++                      continue;
++              if (*s == '@') {
+                       ptr = &group;
+                       len = group_len;
+-                      s = line+1;
++                      s++;
+               } else {
+                       ptr = &user;
+                       len = user_len;
+-                      s = line;
+               }
+               if (!*ptr || strncmp(s, *ptr, len) != 0 || s[len] != ':')
+                       continue;
+@@ -158,7 +160,7 @@ static const char *check_secret(int module, const char *user, const char *group,
+               *ptr = NULL; /* Don't look for name again. */
+       }
+ 
+-      close(fd);
++      fclose(fh);
+ 
+       memset(line, 0, sizeof line);
+       memset(pass2, 0, sizeof pass2);
+-- 
+1.7.0.4
+
+ 

diff --git a/rsync.spec b/rsync.spec
index 47d4820ca47cc5a40472a2d1c38b6877d042b6a0..82fbfdd1f570862662d2d22ef4c195319f1c7574 100644 (file)
--- a/rsync.spec
+++ b/rsync.spec
@@ -30,6 +30,7 @@ Source4:      %{name}.sysconfig
 Source5:       %{name}d.logrotate
 Patch0:                %{name}-config.patch
 Patch1:                %{name}-openssl-read_line_old.patch
+Patch2:                %{name}-dos.patch
 URL:           http://rsync.samba.org/
 BuildRequires: acl-devel
 BuildRequires: autoconf >= 2.52
@@ -166,6 +167,9 @@ patch -p1 < patches/openssl-support.diff || exit 1
 # fix call to read_line_old in clientserver.c (from openssl-support.patch)
 %patch1 -p1
 
+# CVE-2014-2855
+%patch2 -p1
+
 %build
 cp -f /usr/share/automake/config.sub .
 %{__autoheader}