mirror of
https://github.com/RsyncProject/rsync.git
synced 2026-05-10 16:03:48 -04:00
359e539a72
Validate that token numbers read from compressed streams are non-negative. A negative token value would cause the return value of recv_*_token() to become positive, which callers interpret as literal data length, but no data pointer is set on this code path. While this only causes the receiver to crash (which is process-isolated and only affects the attacker's own connection), it's still undefined behavior. Reported-by: Will Sergeant <wlsergeant@gmail.com>
27 KiB
27 KiB