kumquat-buildroot/package/rsync/0004-Enforce-trailing-0-when-receiving-xattr-name-values.patch

From 47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 Mon Sep 17 00:00:00 2001
From: Wayne Davison <wayned@samba.org>
Date: Sun, 5 Nov 2017 11:33:15 -0800
Subject: [PATCH] Enforce trailing \0 when receiving xattr name values. Fixes
 bug 13112.

Fixes CVE-2017-16548

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
Patch status: upstream commit 47a63d90e7

 xattrs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/xattrs.c b/xattrs.c
index 68305d75..4867e6f5 100644
--- a/xattrs.c
+++ b/xattrs.c
@@ -824,6 +824,10 @@ void receive_xattr(int f, struct file_struct *file)
 			out_of_memory("receive_xattr");
 		name = ptr + dget_len + extra_len;
 		read_buf(f, name, name_len);
+		if (name_len < 1 || name[name_len-1] != '\0') {
+			rprintf(FERROR, "Invalid xattr name received (missing trailing \\0).\n");
+			exit_cleanup(RERR_FILEIO);
+		}
 		if (dget_len == datum_len)
 			read_buf(f, ptr, dget_len);
 		else {
-- 
2.11.0