sources/poky/meta/recipes-devtools/rsync/files/CVE-2024-12086-0004.patch

From 9f86ddc9652247233f32b241a79d5aa4fb9d4afa Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <andrew@tridgell.net>
Date: Tue, 26 Nov 2024 09:16:31 +1100
Subject: [PATCH] disallow ../ elements in relpath for secure_relative_open

CVE: CVE-2024-12086

Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=9f86ddc9652247233f32b241a79d5aa4fb9d4afa]

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
 syscall.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/syscall.c b/syscall.c
index cffc814b..081357bb 100644
--- a/syscall.c
+++ b/syscall.c
@@ -716,6 +716,8 @@ int do_open_nofollow(const char *pathname, int flags)
   must be a relative path, and the relpath must not contain any
   elements in the path which follow symlinks (ie. like O_NOFOLLOW, but
   applies to all path components, not just the last component)
+
+  The relpath must also not contain any ../ elements in the path
 */
 int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode)
 {
@@ -724,6 +726,11 @@ int secure_relative_open(const char *basedir, const char *relpath, int flags, mo
		errno = EINVAL;
		return -1;
	}
+	if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) {
+		// no ../ elements allowed in the relpath
+		errno = EINVAL;
+		return -1;
+	}

 #if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)
	// really old system, all we can do is live with the risks
--
2.40.0
Complete Yocto mirror with license table for TQMa6UL (2038-compliance) - 264 license table entries with exact download URLs (224/264 resolved) - Complete sources/ directory with all BitBake recipes - Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl) - Full traceability for Softwarefreigabeantrag - GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4 - License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16) 2026-03-01 20:58:18 +00:00			`From 9f86ddc9652247233f32b241a79d5aa4fb9d4afa Mon Sep 17 00:00:00 2001`
			`From: Andrew Tridgell <andrew@tridgell.net>`
			`Date: Tue, 26 Nov 2024 09:16:31 +1100`
			`Subject: [PATCH] disallow ../ elements in relpath for secure_relative_open`

			`CVE: CVE-2024-12086`

			`Upstream-Status: Backport [https://git.samba.org/?p=rsync.git;a=commit;h=9f86ddc9652247233f32b241a79d5aa4fb9d4afa]`

			`Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>`
			`---`
			`syscall.c \| 7 +++++++`
			`1 file changed, 7 insertions(+)`

			`diff --git a/syscall.c b/syscall.c`
			`index cffc814b..081357bb 100644`
			`--- a/syscall.c`
			`+++ b/syscall.c`
			`@@ -716,6 +716,8 @@ int do_open_nofollow(const char *pathname, int flags)`
			`must be a relative path, and the relpath must not contain any`
			`elements in the path which follow symlinks (ie. like O_NOFOLLOW, but`
			`applies to all path components, not just the last component)`
			`+`
			`+ The relpath must also not contain any ../ elements in the path`
			`*/`
			`int secure_relative_open(const char basedir, const char relpath, int flags, mode_t mode)`
			`{`
			`@@ -724,6 +726,11 @@ int secure_relative_open(const char basedir, const char relpath, int flags, mo`
			`errno = EINVAL;`
			`return -1;`
			`}`
			`+ if (strncmp(relpath, "../", 3) == 0 \|\| strstr(relpath, "/../")) {`
			`+ // no ../ elements allowed in the relpath`
			`+ errno = EINVAL;`
			`+ return -1;`
			`+ }`

			`#if !defined(O_NOFOLLOW) \|\| !defined(O_DIRECTORY)`
			`// really old system, all we can do is live with the risks`
			`--`
			`2.40.0`