mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-03 13:49:49 +00:00
Code Issues Projects Releases Wiki Activity

tar: Fix for CVE-2023-39804

Browse Source 
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4

(From OE-Core rev: 082c31db387957963952c485a436dc38a64498d0)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Vijay Anusuri
2024-03-29 08:56:03 +05:30
committed by Steve Sakoman
parent 869db167b1
commit ea68e06fa2
2 changed files with 65 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-extended/tar/tar/CVE-2023-39804.patch
+64
View File
@@ -0,0 +1,64 @@
From a339f05cd269013fa133d2f148d73f6f7d4247e4 Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org>
Date: Sat, 28 Aug 2021 16:02:12 +0300
Subject: Fix handling of extended header prefixes
* src/xheader.c (locate_handler): Recognize prefix keywords only
when followed by a dot.
(xattr_decoder): Use xmalloc/xstrdup instead of alloc
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4]
CVE: CVE-2023-39804
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
src/xheader.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/xheader.c b/src/xheader.c
index 4f8b2b2..3cd694d 100644
--- a/src/xheader.c
+++ b/src/xheader.c
@@ -637,11 +637,11 @@ static struct xhdr_tab const *
locate_handler (char const *keyword)
{
struct xhdr_tab const *p;
-
for (p = xhdr_tab; p->keyword; p++)
if (p->prefix)
{
- if (strncmp (p->keyword, keyword, strlen(p->keyword)) == 0)
+ size_t kwlen = strlen (p->keyword);
+ if (keyword[kwlen] == '.' && strncmp (p->keyword, keyword, kwlen) == 0)
return p;
}
else
@@ -1716,19 +1716,20 @@ xattr_decoder (struct tar_stat_info *st,
char const *keyword, char const *arg, size_t size)
{
char *xstr, *xkey;
-
+
/* copy keyword */
- size_t klen_raw = strlen (keyword);
- xkey = alloca (klen_raw + 1);
- memcpy (xkey, keyword, klen_raw + 1) /* including null-terminating */;
+ xkey = xstrdup (keyword);
/* copy value */
- xstr = alloca (size + 1);
+ xstr = xmalloc (size + 1);
memcpy (xstr, arg, size + 1); /* separator included, for GNU tar '\n' */;
xattr_decode_keyword (xkey);
- xheader_xattr_add (st, xkey + strlen("SCHILY.xattr."), xstr, size);
+ xheader_xattr_add (st, xkey + strlen ("SCHILY.xattr."), xstr, size);
+
+ free (xkey);
+ free (xstr);
}
static void
--
cgit v1.1
meta/recipes-extended/tar/tar_1.32.bb
+1
View File
@@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
file://musl_dirent.patch \ file://musl_dirent.patch \
file://CVE-2021-20193.patch \ file://CVE-2021-20193.patch \
file://CVE-2022-48303.patch \ file://CVE-2022-48303.patch \
file://CVE-2023-39804.patch \
" "
SRC_URI[md5sum] = "17917356fff5cb4bd3cd5a6c3e727b05" SRC_URI[md5sum] = "17917356fff5cb4bd3cd5a6c3e727b05"