mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-05 14:29:48 +00:00
Code Issues Projects Releases Wiki Activity

libarchive: fix bug1066

Browse Source 
Fix out of bounds read on empty string filename for guntar, pax and v7tar

(From OE-Core rev: 459506272b8800604886f6bd3bc32ee09d7bb906)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Andrej Valek
2018-10-10 15:40:14 +02:00
committed by Richard Purdie
parent 8a2e53b525
commit 31dbe40c9f
2 changed files with 55 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-extended/libarchive/libarchive/bug1066.patch
+54
View File
@@ -0,0 +1,54 @@
libarchive-3.3.3: Fix bug1066
[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/1066
archive_write_set_format_*.c: fix out of bounds read on empty string () filename
for guntar, pax and v7tar
There is an out of bounds read flaw in the archive_write_gnutar_header,
archive_write_pax_header and archive_write_v7tar_header functions which
could leds to cause a denial of service.
Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/c246ec5d058a3f70a2d3fb765f92fe9db77b25df]
Bug: 1066
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
diff --git a/libarchive/archive_write_set_format_gnutar.c b/libarchive/archive_write_set_format_gnutar.c
index 2d858c9..1966c53 100644
--- a/libarchive/archive_write_set_format_gnutar.c
+++ b/libarchive/archive_write_set_format_gnutar.c
@@ -339,7 +339,7 @@ archive_write_gnutar_header(struct archive_write *a,
* case getting WCS failed. On POSIX, this is a
* normal operation.
*/
- if (p != NULL && p[strlen(p) - 1] != '/') {
+ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
struct archive_string as;
archive_string_init(&as);
diff --git a/libarchive/archive_write_set_format_pax.c b/libarchive/archive_write_set_format_pax.c
index 6a301ac..4cfa8ff 100644
--- a/libarchive/archive_write_set_format_pax.c
+++ b/libarchive/archive_write_set_format_pax.c
@@ -660,7 +660,7 @@ archive_write_pax_header(struct archive_write *a,
* case getting WCS failed. On POSIX, this is a
* normal operation.
*/
- if (p != NULL && p[strlen(p) - 1] != '/') {
+ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
struct archive_string as;
archive_string_init(&as);
diff --git a/libarchive/archive_write_set_format_v7tar.c b/libarchive/archive_write_set_format_v7tar.c
index 62b1522..53c0db0 100644
--- a/libarchive/archive_write_set_format_v7tar.c
+++ b/libarchive/archive_write_set_format_v7tar.c
@@ -284,7 +284,7 @@ archive_write_v7tar_header(struct archive_write *a, struct archive_entry *entry)
* case getting WCS failed. On POSIX, this is a
* normal operation.
*/
- if (p != NULL && p[strlen(p) - 1] != '/') {
+ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
struct archive_string as;
archive_string_init(&as);
meta/recipes-extended/libarchive/libarchive_3.3.3.bb
+1
View File
@@ -33,6 +33,7 @@ EXTRA_OECONF += "--enable-largefile"
SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
file://non-recursive-extract-and-list.patch \
file://bug1066.patch \
"
SRC_URI[md5sum] = "4038e366ca5b659dae3efcc744e72120"