From: Andrew Tridgell <andrew@tridgell.net>
Date: Tue, 26 Nov 2024 05:12:45 +0000 (+1100)
Subject: range check dir_ndx before use
X-Git-Tag: v3.4.0~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=344327385fa47fa5bb67a32c237735e6240cfb93;p=thirdparty%2Frsync.git

range check dir_ndx before use
---

diff --git a/flist.c b/flist.c
index 847b1054..087f9da6 100644
--- a/flist.c
+++ b/flist.c
@@ -2585,6 +2585,10 @@ struct file_list *recv_file_list(int f, int dir_ndx)
 #endif
 
 	if (inc_recurse && dir_ndx >= 0) {
+		if (dir_ndx >= dir_flist->used) {
+			rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used);
+			exit_cleanup(RERR_PROTOCOL);
+		}
 		struct file_struct *file = dir_flist->files[dir_ndx];
 		if (file->flags & FLAG_GOT_DIR_FLIST) {
 			rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);