]> git.ipfire.org Git - thirdparty/rsync.git/commitdiff
projects / thirdparty / rsync.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9f86ddc)
Refuse a duplicate dirlist.
authorWayne Davison <wayne@opencoder.net>
Thu, 14 Nov 2024 23:46:50 +0000 (15:46 -0800)
committerAndrew Tridgell <andrew@tridgell.net>
Tue, 14 Jan 2025 18:30:32 +0000 (05:30 +1100)
flist.c patch | blob | blame | history
rsync.h patch | blob | blame | history

diff --git a/flist.c b/flist.c
index 464d556ec906a572d2c378ac79e6d0fa169dd003..847b105482f4a737469efe0b05771df01e61fa20 100644 (file)
--- a/flist.c
+++ b/flist.c
@@ -2584,6 +2584,15 @@ struct file_list *recv_file_list(int f, int dir_ndx)
                init_hard_links();
 #endif
 
+       if (inc_recurse && dir_ndx >= 0) {
+               struct file_struct *file = dir_flist->files[dir_ndx];
+               if (file->flags & FLAG_GOT_DIR_FLIST) {
+                       rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);
+                       exit_cleanup(RERR_PROTOCOL);
+               }
+               file->flags |= FLAG_GOT_DIR_FLIST;
+       }
+
        flist = flist_new(0, "recv_file_list");
        flist_expand(flist, FLIST_START_LARGE);
 
diff --git a/rsync.h b/rsync.h
index 0f9e277f40d6c175de81d1a2ed907b0acd5e2a4a..b9a7101a7d450d7b6b72aa4e351b97db1e6157d0 100644 (file)
--- a/rsync.h
+++ b/rsync.h
@@ -84,6 +84,7 @@
 #define FLAG_DUPLICATE (1<<4)  /* sender */
 #define FLAG_MISSING_DIR (1<<4)        /* generator */
 #define FLAG_HLINKED (1<<5)    /* receiver/generator (checked on all types) */
+#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */
 #define FLAG_HLINK_FIRST (1<<6)        /* receiver/generator (w/FLAG_HLINKED) */
 #define FLAG_IMPLIED_DIR (1<<6)        /* sender/receiver/generator (dirs only) */
 #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */
Mirror of https://github.com/WayneD/rsync.git