[CVE-2017-16548] Enforce trailing \0 when receiving xattr name values. Fixes bug 13112.tizen_6.5.m2_release submit/tizen_6.5/20211028.163601 submit/tizen/20210317.055309 accepted/tizen/unified/20210318.055905 accepted/tizen/6.5/unified/20211028.232115 tizen_6.5 backup/rsync-3.1.1-20220217 accepted/tizen_6.5_unified

Change-Id: I908f51f6505e0f280cecf442440a2241ef64aee3 Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
author: Wayne Davison <wayned@samba.org> 2017-11-05 11:33:15 -0800
committer: DongHun Kwak <dh0128.kwak@samsung.com> 2021-03-17 14:30:31 +0900
commit: 7ca7dbf4b1c4226748597ecff8ddef26140264df (patch)
tree: 2edd90393e7069878aa88ae2895342303ab64baa
parent: f133efba5df6eaffa88a3c5b2e737b9e81f23116 (diff)
download: rsync-tizen_6.5.tar.gz
rsync-tizen_6.5.tar.bz2
rsync-tizen_6.5.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/xattrs.c b/xattrs.c
index 57d40e17..bd3309d2 100644
--- a/xattrs.c
+++ b/xattrs.c
@@ -696,6 +696,10 @@ void receive_xattr(int f, struct file_struct *file)
 			out_of_memory("receive_xattr");
 		name = ptr + dget_len + extra_len;
 		read_buf(f, name, name_len);
+		if (name_len < 1 || name[name_len-1] != '\0') {
+			rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n");
+			exit_cleanup(RERR_FILEIO);
+		}
 		if (dget_len == datum_len)
 			read_buf(f, ptr, dget_len);
 		else {
author	Wayne Davison <wayned@samba.org>	2017-11-05 11:33:15 -0800
committer	DongHun Kwak <dh0128.kwak@samsung.com>	2021-03-17 14:30:31 +0900
commit	7ca7dbf4b1c4226748597ecff8ddef26140264df (patch)
tree	2edd90393e7069878aa88ae2895342303ab64baa
parent	f133efba5df6eaffa88a3c5b2e737b9e81f23116 (diff)
download	rsync-tizen_6.5.tar.gz rsync-tizen_6.5.tar.bz2 rsync-tizen_6.5.zip