blob: b067809ebb3afc18f965f660ab429010563a08d0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
From b3e16be18d582dac1513c0a932d146b36e867b1b Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <andrew@tridgell.net>
Date: Tue, 26 Nov 2024 16:12:45 +1100
Subject: [PATCH 2/2] range check dir_ndx before use
---
flist.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/flist.c b/flist.c
index 847b1054..087f9da6 100644
--- a/flist.c
+++ b/flist.c
@@ -2585,6 +2585,10 @@ struct file_list *recv_file_list(int f, int dir_ndx)
#endif
if (inc_recurse && dir_ndx >= 0) {
+ if (dir_ndx >= dir_flist->used) {
+ rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used);
+ exit_cleanup(RERR_PROTOCOL);
+ }
struct file_struct *file = dir_flist->files[dir_ndx];
if (file->flags & FLAG_GOT_DIR_FLIST) {
rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);
--
2.34.1
|
