Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field

2022-08-18 10:28:46 +02:00 · 2022-08-18 10:28:46 +02:00 · eb69e042dc
commit eb69e042dc
parent bf0b0151cc
2 changed files with 22 additions and 1 deletions
--- a/rsync-3.2.3-cve-2022-37434.patch
+++ b/rsync-3.2.3-cve-2022-37434.patch
@ -0,0 +1,16 @@
+diff --git a/zlib/inflate.c b/zlib/inflate.c
+index e43abd9..bd33c19 100644
+--- a/zlib/inflate.c
+++ b/zlib/inflate.c
+@@ -740,8 +740,9 @@ int flush;
+                 if (copy > have) copy = have;
+                 if (copy) {
+                     if (state->head != Z_NULL &&
+-                        state->head->extra != Z_NULL) {
+-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        (len = state->head->extra_len - state->length) <
+			    state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
--- a/rsync.spec
+++ b/rsync.spec
@ -10,7 +10,7 @@
 Summary: A program for synchronizing files over a network
 Name: rsync
 Version: 3.2.3
-Release: 16%{?dist}
+Release: 17%{?dist}
 URL: https://rsync.samba.org/

 Source0: https://download.samba.org/pub/rsync/src/rsync-%{version}%{?prerelease}.tar.gz
@ -39,6 +39,7 @@ Patch4: rsync-3.2.3-xattr.patch
 Patch5: rsync-3.2.3-segfault.patch
 Patch6: rsync-3.2.3-atimes.patch
 Patch7: rsync-3.1.3-cve-2018-25032.patch
+Patch8: rsync-3.2.3-cve-2022-37434.patch

 %description
 Rsync uses a reliable algorithm to bring remote and host files into
@ -80,6 +81,7 @@ patch -p1 -i patches/copy-devices.diff
 %patch5 -p1 -b .segfault
 %patch6 -p1 -b .atimes
 %patch7 -p1 -b .cve-2018-25032
+%patch8 -p1 -b .cve-2022-37434

 %build
 %configure --disable-xxhash
@ -126,6 +128,9 @@ install -D -m644 %{SOURCE6} $RPM_BUILD_ROOT/%{_unitdir}/rsyncd@.service
 %systemd_postun_with_restart rsyncd.service

 %changelog
+* Thu Aug 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-17
+- Resolves: #2116669 - zlib: a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field
+
 * Wed May 18 2022 Michal Ruprich <mruprich@redhat.com> - 3.2.3-16
 - Related: #2081296 - Adding ci.fmf for separation of testing results