7f33f1d848
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. For more details, see: https://bugzilla.samba.org/show_bug.cgi?id=13112 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
||
|---|---|---|
| .. | ||
| 0001-Check-fname-in-recv_files-sooner.patch | ||
| 0002-Sanitize-xname-in-read_ndx_and_attrs.patch | ||
| 0003-Check-daemon-filter-against-fnamecmp-in-recv_files.patch | ||
| 0004-Enforce-trailing-0-when-receiving-xattr-name-values.patch | ||
| Config.in | ||
| rsync.hash | ||
| rsync.mk | ||