range check dir_ndx before use

diff --git a/flist.c b/flist.c
index 847b105482f4a737469efe0b05771df01e61fa20..087f9da6c5d390481af091c156fae05f09618b11 100644 (file)
--- a/flist.c
+++ b/flist.c
@@ -2585,6 +2585,10 @@ struct file_list *recv_file_list(int f, int dir_ndx)
 #endif
 
        if (inc_recurse && dir_ndx >= 0) {
+               if (dir_ndx >= dir_flist->used) {
+                       rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used);
+                       exit_cleanup(RERR_PROTOCOL);
+               }
                struct file_struct *file = dir_flist->files[dir_ndx];
                if (file->flags & FLAG_GOT_DIR_FLIST) {
                        rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);