summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/libtar
diff options
context:
space:
mode:
Diffstat (limited to 'meta-oe/recipes-support/libtar')
-rw-r--r--meta-oe/recipes-support/libtar/files/0003-Fix-missing-prototype-compiler-warnings.patch53
-rw-r--r--meta-oe/recipes-support/libtar/files/0004-Fix-invalid-memory-de-reference-issue.patch44
-rw-r--r--meta-oe/recipes-support/libtar/files/0005-fix-file-descriptor-leaks-reported-by-cppcheck.patch101
-rw-r--r--meta-oe/recipes-support/libtar/files/0006-fix-memleak-on-tar_open-failure.patch26
-rw-r--r--meta-oe/recipes-support/libtar/files/0007-fix-memleaks-in-libtar-sample-program.patch119
-rw-r--r--meta-oe/recipes-support/libtar/files/0008-decode-avoid-using-a-static-buffer-in-th_get_pathnam.patch89
-rw-r--r--meta-oe/recipes-support/libtar/files/0009-Check-for-NULL-before-freeing-th_pathname.patch30
-rw-r--r--meta-oe/recipes-support/libtar/files/0010-Added-stdlib.h-for-malloc-in-lib-decode.c.patch26
-rw-r--r--meta-oe/recipes-support/libtar/files/0011-libtar-fix-programming-mistakes-detected-by-static-a.patch100
-rw-r--r--meta-oe/recipes-support/libtar/files/CVE-2013-4420.patch160
-rw-r--r--meta-oe/recipes-support/libtar/files/CVE-2021-33640-CVE-2021-33645-CVE-2021-33646.patch42
-rw-r--r--meta-oe/recipes-support/libtar/files/CVE-2021-33643-CVE-2021-33644.patch52
-rw-r--r--meta-oe/recipes-support/libtar/libtar_1.2.20.bb12
13 files changed, 854 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libtar/files/0003-Fix-missing-prototype-compiler-warnings.patch b/meta-oe/recipes-support/libtar/files/0003-Fix-missing-prototype-compiler-warnings.patch
new file mode 100644
index 000000000..f0fd2a4aa
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/0003-Fix-missing-prototype-compiler-warnings.patch
@@ -0,0 +1,53 @@
1From 9426ac3d232e2f90c571979a2166c5e1328967d1 Mon Sep 17 00:00:00 2001
2From: Hans de Goede <j.w.r.degoede@hhs.nl>
3Date: Tue, 15 Oct 2013 14:39:04 +0200
4Subject: [PATCH] Fix missing prototype compiler warnings
5
6Signed-off-by: Kamil Dudka <kdudka@redhat.com>
7
8Upstream-Status: Backport [https://repo.or.cz/libtar.git/commit/30e5556d1c9323e9f1887b28d42581c2954b53c9]
9
10Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
11---
12 lib/append.c | 2 ++
13 lib/output.c | 1 +
14 lib/wrapper.c | 1 +
15 3 files changed, 4 insertions(+)
16
17diff --git a/lib/append.c b/lib/append.c
18index 13e1ace..e8bd89d 100644
19--- a/lib/append.c
20+++ b/lib/append.c
21@@ -13,6 +13,8 @@
22 #include <internal.h>
23
24 #include <stdio.h>
25+#include <stdlib.h>
26+#include <string.h>
27 #include <errno.h>
28 #include <fcntl.h>
29 #include <sys/param.h>
30diff --git a/lib/output.c b/lib/output.c
31index a2db929..a5262ee 100644
32--- a/lib/output.c
33+++ b/lib/output.c
34@@ -13,6 +13,7 @@
35 #include <internal.h>
36
37 #include <stdio.h>
38+#include <stdlib.h>
39 #include <pwd.h>
40 #include <grp.h>
41 #include <time.h>
42diff --git a/lib/wrapper.c b/lib/wrapper.c
43index 4cd0652..44cc435 100644
44--- a/lib/wrapper.c
45+++ b/lib/wrapper.c
46@@ -13,6 +13,7 @@
47 #include <internal.h>
48
49 #include <stdio.h>
50+#include <stdlib.h>
51 #include <sys/param.h>
52 #include <dirent.h>
53 #include <errno.h>
diff --git a/meta-oe/recipes-support/libtar/files/0004-Fix-invalid-memory-de-reference-issue.patch b/meta-oe/recipes-support/libtar/files/0004-Fix-invalid-memory-de-reference-issue.patch
new file mode 100644
index 000000000..b1ecb552b
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/0004-Fix-invalid-memory-de-reference-issue.patch
@@ -0,0 +1,44 @@
1From c0a89709860acae5ef67727db7b23db385703bf6 Mon Sep 17 00:00:00 2001
2From: Huzaifa Sidhpurwala <huzaifas@fedoraproject.org>
3Date: Tue, 15 Oct 2013 14:39:05 +0200
4Subject: [PATCH] Fix invalid memory de-reference issue
5
6Bug: https://bugzilla.redhat.com/551415
7
8Signed-off-by: Kamil Dudka <kdudka@redhat.com>
9
10Upstream-Status: Backport [https://repo.or.cz/libtar.git/commit/560911b694055b0c677431cf85d4d0d5ebd1a3fd]
11
12Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
13---
14 lib/libtar.h | 1 +
15 lib/util.c | 4 +---
16 2 files changed, 2 insertions(+), 3 deletions(-)
17
18diff --git a/lib/libtar.h b/lib/libtar.h
19index 55f509a..7fc4d03 100644
20--- a/lib/libtar.h
21+++ b/lib/libtar.h
22@@ -172,6 +172,7 @@ int th_write(TAR *t);
23 #define TH_ISDIR(t) ((t)->th_buf.typeflag == DIRTYPE \
24 || S_ISDIR((mode_t)oct_to_int((t)->th_buf.mode)) \
25 || ((t)->th_buf.typeflag == AREGTYPE \
26+ && strlen((t)->th_buf.name) \
27 && ((t)->th_buf.name[strlen((t)->th_buf.name) - 1] == '/')))
28 #define TH_ISFIFO(t) ((t)->th_buf.typeflag == FIFOTYPE \
29 || S_ISFIFO((mode_t)oct_to_int((t)->th_buf.mode)))
30diff --git a/lib/util.c b/lib/util.c
31index 31e8315..11438ef 100644
32--- a/lib/util.c
33+++ b/lib/util.c
34@@ -148,9 +148,7 @@ oct_to_int(char *oct)
35 {
36 int i;
37
38- sscanf(oct, "%o", &i);
39-
40- return i;
41+ return sscanf(oct, "%o", &i) == 1 ? i : 0;
42 }
43
44
diff --git a/meta-oe/recipes-support/libtar/files/0005-fix-file-descriptor-leaks-reported-by-cppcheck.patch b/meta-oe/recipes-support/libtar/files/0005-fix-file-descriptor-leaks-reported-by-cppcheck.patch
new file mode 100644
index 000000000..627c27016
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/0005-fix-file-descriptor-leaks-reported-by-cppcheck.patch
@@ -0,0 +1,101 @@
1From d998b9f75c79aab68255dace641dd30db239eff6 Mon Sep 17 00:00:00 2001
2From: Kamil Dudka <kdudka@redhat.com>
3Date: Tue, 15 Oct 2013 19:48:41 -0400
4Subject: [PATCH] fix file descriptor leaks reported by cppcheck
5
6Bug: https://bugzilla.redhat.com/785760
7
8Authored by Kamil Dudka <kdudka@redhat.com>.
9
10Upstream-Status: Backport [https://repo.or.cz/libtar.git/commit/abd0274e6b2f708e9eaa29414b07b3f542cec694]
11
12Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
13---
14 lib/append.c | 14 +++++++++-----
15 lib/extract.c | 4 ++++
16 libtar/libtar.c | 3 +++
17 3 files changed, 16 insertions(+), 5 deletions(-)
18
19diff --git a/lib/append.c b/lib/append.c
20index e8bd89d..ff58532 100644
21--- a/lib/append.c
22+++ b/lib/append.c
23@@ -216,6 +216,7 @@ tar_append_regfile(TAR *t, const char *realname)
24 int filefd;
25 int i, j;
26 size_t size;
27+ int rv = -1;
28
29 filefd = open(realname, O_RDONLY);
30 if (filefd == -1)
31@@ -234,25 +235,28 @@ tar_append_regfile(TAR *t, const char *realname)
32 {
33 if (j != -1)
34 errno = EINVAL;
35- return -1;
36+ goto fail;
37 }
38 if (tar_block_write(t, &block) == -1)
39- return -1;
40+ goto fail;
41 }
42
43 if (i > 0)
44 {
45 j = read(filefd, &block, i);
46 if (j == -1)
47- return -1;
48+ goto fail;
49 memset(&(block[i]), 0, T_BLOCKSIZE - i);
50 if (tar_block_write(t, &block) == -1)
51- return -1;
52+ goto fail;
53 }
54
55+ /* success! */
56+ rv = 0;
57+fail:
58 close(filefd);
59
60- return 0;
61+ return rv;
62 }
63
64
65diff --git a/lib/extract.c b/lib/extract.c
66index 36357e7..9fc6ad5 100644
67--- a/lib/extract.c
68+++ b/lib/extract.c
69@@ -228,13 +228,17 @@ tar_extract_regfile(TAR *t, char *realname)
70 {
71 if (k != -1)
72 errno = EINVAL;
73+ close(fdout);
74 return -1;
75 }
76
77 /* write block to output file */
78 if (write(fdout, buf,
79 ((i > T_BLOCKSIZE) ? T_BLOCKSIZE : i)) == -1)
80+ {
81+ close(fdout);
82 return -1;
83+ }
84 }
85
86 /* close output file */
87diff --git a/libtar/libtar.c b/libtar/libtar.c
88index 9fa92b2..bb5644c 100644
89--- a/libtar/libtar.c
90+++ b/libtar/libtar.c
91@@ -83,7 +83,10 @@ gzopen_frontend(char *pathname, int oflags, int mode)
92 return -1;
93
94 if ((oflags & O_CREAT) && fchmod(fd, mode))
95+ {
96+ close(fd);
97 return -1;
98+ }
99
100 gzf = gzdopen(fd, gzoflags);
101 if (!gzf)
diff --git a/meta-oe/recipes-support/libtar/files/0006-fix-memleak-on-tar_open-failure.patch b/meta-oe/recipes-support/libtar/files/0006-fix-memleak-on-tar_open-failure.patch
new file mode 100644
index 000000000..90809ad84
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/0006-fix-memleak-on-tar_open-failure.patch
@@ -0,0 +1,26 @@
1From f6c5cba59444ecda9bbc22b8e8e57fd1015a688d Mon Sep 17 00:00:00 2001
2From: Huzaifa Sidhpurwala <huzaifas@fedoraproject.org>
3Date: Tue, 15 Oct 2013 20:02:58 -0400
4Subject: [PATCH] fix memleak on tar_open() failure
5
6Authored by Huzaifa Sidhpurwala <huzaifas@fedoraproject.org>.
7
8Upstream-Status: Backport [https://repo.or.cz/libtar.git/commit/36629a41208375f5105427e98078127551692028]
9
10Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
11---
12 lib/handle.c | 1 +
13 1 file changed, 1 insertion(+)
14
15diff --git a/lib/handle.c b/lib/handle.c
16index 33a262c..002d23c 100644
17--- a/lib/handle.c
18+++ b/lib/handle.c
19@@ -82,6 +82,7 @@ tar_open(TAR **t, const char *pathname, tartype_t *type,
20 (*t)->fd = (*((*t)->type->openfunc))(pathname, oflags, mode);
21 if ((*t)->fd == -1)
22 {
23+ libtar_hash_free((*t)->h, NULL);
24 free(*t);
25 return -1;
26 }
diff --git a/meta-oe/recipes-support/libtar/files/0007-fix-memleaks-in-libtar-sample-program.patch b/meta-oe/recipes-support/libtar/files/0007-fix-memleaks-in-libtar-sample-program.patch
new file mode 100644
index 000000000..f88bcbf9c
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/0007-fix-memleaks-in-libtar-sample-program.patch
@@ -0,0 +1,119 @@
1From e3888e452aee72e0d658185ac20e8e63bed1aff8 Mon Sep 17 00:00:00 2001
2From: Huzaifa Sidhpurwala <huzaifas@fedoraproject.org>
3Date: Tue, 15 Oct 2013 20:05:04 -0400
4Subject: [PATCH] fix memleaks in libtar sample program
5
6Authored by Huzaifa Sidhpurwala <huzaifas@fedoraproject.org>.
7
8Upstream-Status: Backport [https://repo.or.cz/libtar.git/commit/f3c711cf3054ff366a1a3500cdc8c64ecc2d2da6]
9
10Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
11---
12 libtar/libtar.c | 29 ++++++++++++++++++-----------
13 1 file changed, 18 insertions(+), 11 deletions(-)
14
15diff --git a/libtar/libtar.c b/libtar/libtar.c
16index bb5644c..23f8741 100644
17--- a/libtar/libtar.c
18+++ b/libtar/libtar.c
19@@ -253,6 +253,7 @@ extract(char *tarfile, char *rootdir)
20 if (tar_extract_all(t, rootdir) != 0)
21 {
22 fprintf(stderr, "tar_extract_all(): %s\n", strerror(errno));
23+ tar_close(t);
24 return -1;
25 }
26
27@@ -270,12 +271,13 @@ extract(char *tarfile, char *rootdir)
28
29
30 void
31-usage()
32+usage(void *rootdir)
33 {
34 printf("Usage: %s [-C rootdir] [-g] [-z] -x|-t filename.tar\n",
35 progname);
36 printf(" %s [-C rootdir] [-g] [-z] -c filename.tar ...\n",
37 progname);
38+ free(rootdir);
39 exit(-1);
40 }
41
42@@ -292,6 +294,7 @@ main(int argc, char *argv[])
43 int c;
44 int mode = 0;
45 libtar_list_t *l;
46+ int return_code = -2;
47
48 progname = basename(argv[0]);
49
50@@ -313,17 +316,17 @@ main(int argc, char *argv[])
51 break;
52 case 'c':
53 if (mode)
54- usage();
55+ usage(rootdir);
56 mode = MODE_CREATE;
57 break;
58 case 'x':
59 if (mode)
60- usage();
61+ usage(rootdir);
62 mode = MODE_EXTRACT;
63 break;
64 case 't':
65 if (mode)
66- usage();
67+ usage(rootdir);
68 mode = MODE_LIST;
69 break;
70 #ifdef HAVE_LIBZ
71@@ -332,7 +335,7 @@ main(int argc, char *argv[])
72 break;
73 #endif /* HAVE_LIBZ */
74 default:
75- usage();
76+ usage(rootdir);
77 }
78
79 if (!mode || ((argc - optind) < (mode == MODE_CREATE ? 2 : 1)))
80@@ -341,7 +344,7 @@ main(int argc, char *argv[])
81 printf("argc - optind == %d\tmode == %d\n", argc - optind,
82 mode);
83 #endif
84- usage();
85+ usage(rootdir);
86 }
87
88 #ifdef DEBUG
89@@ -351,21 +354,25 @@ main(int argc, char *argv[])
90 switch (mode)
91 {
92 case MODE_EXTRACT:
93- return extract(argv[optind], rootdir);
94+ return_code = extract(argv[optind], rootdir);
95+ break;
96 case MODE_CREATE:
97 tarfile = argv[optind];
98 l = libtar_list_new(LIST_QUEUE, NULL);
99 for (c = optind + 1; c < argc; c++)
100 libtar_list_add(l, argv[c]);
101- return create(tarfile, rootdir, l);
102+ return_code = create(tarfile, rootdir, l);
103+ libtar_list_free(l, NULL);
104+ break;
105 case MODE_LIST:
106- return list(argv[optind]);
107+ return_code = list(argv[optind]);
108+ break;
109 default:
110 break;
111 }
112
113- /* NOTREACHED */
114- return -2;
115+ free(rootdir);
116+ return return_code;
117 }
118
119
diff --git a/meta-oe/recipes-support/libtar/files/0008-decode-avoid-using-a-static-buffer-in-th_get_pathnam.patch b/meta-oe/recipes-support/libtar/files/0008-decode-avoid-using-a-static-buffer-in-th_get_pathnam.patch
new file mode 100644
index 000000000..beba45405
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/0008-decode-avoid-using-a-static-buffer-in-th_get_pathnam.patch
@@ -0,0 +1,89 @@
1From edbee9832475347183a841a8fd5be71f74e10392 Mon Sep 17 00:00:00 2001
2From: Kamil Dudka <kdudka@redhat.com>
3Date: Wed, 23 Oct 2013 15:04:22 +0200
4Subject: [PATCH] decode: avoid using a static buffer in th_get_pathname()
5
6A solution suggested by Chris Frey:
7https://lists.feep.net:8080/pipermail/libtar/2013-October/000377.html
8
9Note this can break programs that expect sizeof(TAR) to be fixed.
10
11Authored by Kamil Dudka <kdudka@redhat.com>.
12
13Upstream-Status: Backport [https://repo.or.cz/libtar.git/commit/ec613af2e9371d7a3e1f7c7a6822164a4255b4d1]
14
15Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
16---
17 lib/decode.c | 24 +++++++++++++++++-------
18 lib/handle.c | 1 +
19 lib/libtar.h | 3 +++
20 3 files changed, 21 insertions(+), 7 deletions(-)
21
22diff --git a/lib/decode.c b/lib/decode.c
23index c16ea2d..edb2185 100644
24--- a/lib/decode.c
25+++ b/lib/decode.c
26@@ -26,20 +26,30 @@
27 char *
28 th_get_pathname(TAR *t)
29 {
30- static TLS_THREAD char filename[MAXPATHLEN];
31-
32 if (t->th_buf.gnu_longname)
33 return t->th_buf.gnu_longname;
34
35- if (t->th_buf.prefix[0] != '\0')
36+ /* allocate the th_pathname buffer if not already */
37+ if (t->th_pathname == NULL)
38+ {
39+ t->th_pathname = malloc(MAXPATHLEN * sizeof(char));
40+ if (t->th_pathname == NULL)
41+ /* out of memory */
42+ return NULL;
43+ }
44+
45+ if (t->th_buf.prefix[0] == '\0')
46+ {
47+ snprintf(t->th_pathname, MAXPATHLEN, "%.100s", t->th_buf.name);
48+ }
49+ else
50 {
51- snprintf(filename, sizeof(filename), "%.155s/%.100s",
52+ snprintf(t->th_pathname, MAXPATHLEN, "%.155s/%.100s",
53 t->th_buf.prefix, t->th_buf.name);
54- return filename;
55 }
56
57- snprintf(filename, sizeof(filename), "%.100s", t->th_buf.name);
58- return filename;
59+ /* will be deallocated in tar_close() */
60+ return t->th_pathname;
61 }
62
63
64diff --git a/lib/handle.c b/lib/handle.c
65index 002d23c..a19c046 100644
66--- a/lib/handle.c
67+++ b/lib/handle.c
68@@ -122,6 +122,7 @@ tar_close(TAR *t)
69 libtar_hash_free(t->h, ((t->oflags & O_ACCMODE) == O_RDONLY
70 ? free
71 : (libtar_freefunc_t)tar_dev_free));
72+ free(t->th_pathname);
73 free(t);
74
75 return i;
76diff --git a/lib/libtar.h b/lib/libtar.h
77index 7fc4d03..08a8e0f 100644
78--- a/lib/libtar.h
79+++ b/lib/libtar.h
80@@ -85,6 +85,9 @@ typedef struct
81 int options;
82 struct tar_header th_buf;
83 libtar_hash_t *h;
84+
85+ /* introduced in libtar 1.2.21 */
86+ char *th_pathname;
87 }
88 TAR;
89
diff --git a/meta-oe/recipes-support/libtar/files/0009-Check-for-NULL-before-freeing-th_pathname.patch b/meta-oe/recipes-support/libtar/files/0009-Check-for-NULL-before-freeing-th_pathname.patch
new file mode 100644
index 000000000..2d8f21171
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/0009-Check-for-NULL-before-freeing-th_pathname.patch
@@ -0,0 +1,30 @@
1From bc8ec7d940d7ffc870638521bd134098d2efa5df Mon Sep 17 00:00:00 2001
2From: Chris Frey <cdfrey@foursquare.net>
3Date: Thu, 24 Oct 2013 17:55:12 -0400
4Subject: [PATCH] Check for NULL before freeing th_pathname
5
6Thanks to Harald Koch for pointing out that AIX 4 and 5 still need this.
7
8Authored by Chris Frey <cdfrey@foursquare.net>.
9
10Upstream-Status: Backport [https://repo.or.cz/libtar.git/commit/495d0c0eabc5648186e7d58ad54b508d14af38f4]
11
12Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
13---
14 lib/handle.c | 3 ++-
15 1 file changed, 2 insertions(+), 1 deletion(-)
16
17diff --git a/lib/handle.c b/lib/handle.c
18index a19c046..28a7dc2 100644
19--- a/lib/handle.c
20+++ b/lib/handle.c
21@@ -122,7 +122,8 @@ tar_close(TAR *t)
22 libtar_hash_free(t->h, ((t->oflags & O_ACCMODE) == O_RDONLY
23 ? free
24 : (libtar_freefunc_t)tar_dev_free));
25- free(t->th_pathname);
26+ if (t->th_pathname != NULL)
27+ free(t->th_pathname);
28 free(t);
29
30 return i;
diff --git a/meta-oe/recipes-support/libtar/files/0010-Added-stdlib.h-for-malloc-in-lib-decode.c.patch b/meta-oe/recipes-support/libtar/files/0010-Added-stdlib.h-for-malloc-in-lib-decode.c.patch
new file mode 100644
index 000000000..edbd636b2
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/0010-Added-stdlib.h-for-malloc-in-lib-decode.c.patch
@@ -0,0 +1,26 @@
1From c64dfdc6ec5bc752aafd1ac16a380f47602197c4 Mon Sep 17 00:00:00 2001
2From: Chris Frey <cdfrey@foursquare.net>
3Date: Thu, 24 Oct 2013 17:58:47 -0400
4Subject: [PATCH] Added stdlib.h for malloc() in lib/decode.c
5
6Authored by Chris Frey <cdfrey@foursquare.net>.
7
8Upstream-Status: Backport [https://repo.or.cz/libtar.git/commit/20aa09bd7775094a2beb0f136c2c7d9e9fd6c7e6]
9
10Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
11---
12 lib/decode.c | 1 +
13 1 file changed, 1 insertion(+)
14
15diff --git a/lib/decode.c b/lib/decode.c
16index edb2185..35312be 100644
17--- a/lib/decode.c
18+++ b/lib/decode.c
19@@ -13,6 +13,7 @@
20 #include <internal.h>
21
22 #include <stdio.h>
23+#include <stdlib.h>
24 #include <sys/param.h>
25 #include <pwd.h>
26 #include <grp.h>
diff --git a/meta-oe/recipes-support/libtar/files/0011-libtar-fix-programming-mistakes-detected-by-static-a.patch b/meta-oe/recipes-support/libtar/files/0011-libtar-fix-programming-mistakes-detected-by-static-a.patch
new file mode 100644
index 000000000..7b39df425
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/0011-libtar-fix-programming-mistakes-detected-by-static-a.patch
@@ -0,0 +1,100 @@
1From b469d621c0143e652c51bb238fd2060135aa2009 Mon Sep 17 00:00:00 2001
2From: Kamil Dudka <kdudka@redhat.com>
3Date: Tue, 6 Nov 2018 17:24:05 +0100
4Subject: [PATCH] libtar: fix programming mistakes detected by static analysis
5
6Authored by Kamil Dudka <kdudka@redhat.com>.
7
8meta-openembedded uses Debian's release tarball [1]. Debian uses
9repo.or.cz/libtar.git as their upstream [2]. repo.or.cz/libtar.git has
10been inactive since 2013 [3].
11
12Upstream-Status: Inactive-Upstream [lastrelease: 2013 lastcommit: 2013]
13
14[1] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=master#n8
15[2] http://svn.kibibyte.se/libtar/trunk/debian/control (rev 51; not tagged)
16[3] https://repo.or.cz/libtar.git/shortlog/refs/heads/master
17
18Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
19---
20 lib/append.c | 7 +++++++
21 lib/wrapper.c | 11 +++++++----
22 libtar/libtar.c | 1 +
23 3 files changed, 15 insertions(+), 4 deletions(-)
24
25diff --git a/lib/append.c b/lib/append.c
26index ff58532..6386a50 100644
27--- a/lib/append.c
28+++ b/lib/append.c
29@@ -110,9 +110,16 @@ tar_append_file(TAR *t, const char *realname, const char *savename)
30 td->td_dev = s.st_dev;
31 td->td_h = libtar_hash_new(256, (libtar_hashfunc_t)ino_hash);
32 if (td->td_h == NULL)
33+ {
34+ free(td);
35 return -1;
36+ }
37 if (libtar_hash_add(t->h, td) == -1)
38+ {
39+ libtar_hash_free(td->td_h, free);
40+ free(td);
41 return -1;
42+ }
43 }
44 libtar_hashptr_reset(&hp);
45 if (libtar_hash_getkey(td->td_h, &hp, &(s.st_ino),
46diff --git a/lib/wrapper.c b/lib/wrapper.c
47index 44cc435..2d3f5b9 100644
48--- a/lib/wrapper.c
49+++ b/lib/wrapper.c
50@@ -97,6 +97,7 @@ tar_append_tree(TAR *t, char *realdir, char *savedir)
51 struct dirent *dent;
52 DIR *dp;
53 struct stat s;
54+ int ret = -1;
55
56 #ifdef DEBUG
57 printf("==> tar_append_tree(0x%lx, \"%s\", \"%s\")\n",
58@@ -130,24 +131,26 @@ tar_append_tree(TAR *t, char *realdir, char *savedir)
59 dent->d_name);
60
61 if (lstat(realpath, &s) != 0)
62- return -1;
63+ goto fail;
64
65 if (S_ISDIR(s.st_mode))
66 {
67 if (tar_append_tree(t, realpath,
68 (savedir ? savepath : NULL)) != 0)
69- return -1;
70+ goto fail;
71 continue;
72 }
73
74 if (tar_append_file(t, realpath,
75 (savedir ? savepath : NULL)) != 0)
76- return -1;
77+ goto fail;
78 }
79
80+ ret = 0;
81+fail:
82 closedir(dp);
83
84- return 0;
85+ return ret;
86 }
87
88
89diff --git a/libtar/libtar.c b/libtar/libtar.c
90index 23f8741..ac339e7 100644
91--- a/libtar/libtar.c
92+++ b/libtar/libtar.c
93@@ -92,6 +92,7 @@ gzopen_frontend(char *pathname, int oflags, int mode)
94 if (!gzf)
95 {
96 errno = ENOMEM;
97+ close(fd);
98 return -1;
99 }
100
diff --git a/meta-oe/recipes-support/libtar/files/CVE-2013-4420.patch b/meta-oe/recipes-support/libtar/files/CVE-2013-4420.patch
new file mode 100644
index 000000000..93b35cbcd
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/CVE-2013-4420.patch
@@ -0,0 +1,160 @@
1From 2c81f47508fa6bce9df84e3b43dfb16dffb742a0 Mon Sep 17 00:00:00 2001
2From: Raphael Geissert <geissert@debian.org>
3Date: Thu, 12 Sep 2024 15:51:05 +0300
4Subject: [PATCH] Avoid directory traversal when extracting archives
5
6Description of the vulnerability from the NIST CVE tracker [1]:
7
8 Multiple directory traversal vulnerabilities in the (1)
9 tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20
10 and earlier allow remote attackers to overwrite arbitrary files via
11 a .. (dot dot) in a crafted tar file.
12
13Imported from the Debian libtar package 1.2.20-8 [2]. Original Debian
14description:
15
16 Author: Raphael Geissert <geissert@debian.org>
17 Bug-Debian: https://bugs.debian.org/731860
18 Description: Avoid directory traversal when extracting archives
19 by skipping over leading slashes and any prefix containing ".." components.
20 Forwarded: yes
21
22meta-openembedded uses Debian's release tarball [3]. Debian uses
23repo.or.cz/libtar.git as their upstream [4]. repo.or.cz/libtar.git has
24been inactive since 2013 [5].
25
26CVE: CVE-2013-4420
27
28Upstream-Status: Inactive-Upstream [lastrelease: 2013 lastcommit: 2013]
29
30Comments: Added the commit message
31
32[1] https://nvd.nist.gov/vuln/detail/CVE-2013-4420
33[2] https://sources.debian.org/patches/libtar/1.2.20-8/CVE-2013-4420.patch/
34[3] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=master#n8
35[4] http://svn.kibibyte.se/libtar/trunk/debian/control (rev 51; not tagged)
36[5] https://repo.or.cz/libtar.git/shortlog/refs/heads/master
37
38Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
39---
40 lib/decode.c | 33 +++++++++++++++++++++++++++++++--
41 lib/extract.c | 8 ++++----
42 lib/internal.h | 1 +
43 lib/output.c | 4 ++--
44 4 files changed, 38 insertions(+), 8 deletions(-)
45
46diff --git a/lib/decode.c b/lib/decode.c
47index 35312be..edd5f2e 100644
48--- a/lib/decode.c
49+++ b/lib/decode.c
50@@ -22,13 +22,42 @@
51 # include <string.h>
52 #endif
53
54+char *
55+safer_name_suffix (char const *file_name)
56+{
57+ char const *p, *t;
58+ p = t = file_name;
59+ while (*p == '/') t = ++p;
60+ while (*p)
61+ {
62+ while (p[0] == '.' && p[0] == p[1] && p[2] == '/')
63+ {
64+ p += 3;
65+ t = p;
66+ }
67+ /* advance pointer past the next slash */
68+ while (*p && (p++)[0] != '/');
69+ }
70+
71+ if (!*t)
72+ {
73+ t = ".";
74+ }
75+
76+ if (t != file_name)
77+ {
78+ /* TODO: warn somehow that the path was modified */
79+ }
80+ return (char*)t;
81+}
82+
83
84 /* determine full path name */
85 char *
86 th_get_pathname(TAR *t)
87 {
88 if (t->th_buf.gnu_longname)
89- return t->th_buf.gnu_longname;
90+ return safer_name_suffix(t->th_buf.gnu_longname);
91
92 /* allocate the th_pathname buffer if not already */
93 if (t->th_pathname == NULL)
94@@ -50,7 +79,7 @@ th_get_pathname(TAR *t)
95 }
96
97 /* will be deallocated in tar_close() */
98- return t->th_pathname;
99+ return safer_name_suffix(t->th_pathname);
100 }
101
102
103diff --git a/lib/extract.c b/lib/extract.c
104index 9fc6ad5..4ff1a95 100644
105--- a/lib/extract.c
106+++ b/lib/extract.c
107@@ -302,14 +302,14 @@ tar_extract_hardlink(TAR * t, char *realname)
108 if (mkdirhier(dirname(filename)) == -1)
109 return -1;
110 libtar_hashptr_reset(&hp);
111- if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t),
112+ if (libtar_hash_getkey(t->h, &hp, safer_name_suffix(th_get_linkname(t)),
113 (libtar_matchfunc_t)libtar_str_match) != 0)
114 {
115 lnp = (char *)libtar_hashptr_data(&hp);
116 linktgt = &lnp[strlen(lnp) + 1];
117 }
118 else
119- linktgt = th_get_linkname(t);
120+ linktgt = safer_name_suffix(th_get_linkname(t));
121
122 #ifdef DEBUG
123 printf(" ==> extracting: %s (link to %s)\n", filename, linktgt);
124@@ -347,9 +347,9 @@ tar_extract_symlink(TAR *t, char *realname)
125
126 #ifdef DEBUG
127 printf(" ==> extracting: %s (symlink to %s)\n",
128- filename, th_get_linkname(t));
129+ filename, safer_name_suffix(th_get_linkname(t)));
130 #endif
131- if (symlink(th_get_linkname(t), filename) == -1)
132+ if (symlink(safer_name_suffix(th_get_linkname(t)), filename) == -1)
133 {
134 #ifdef DEBUG
135 perror("symlink()");
136diff --git a/lib/internal.h b/lib/internal.h
137index da7be7f..f05ca4f 100644
138--- a/lib/internal.h
139+++ b/lib/internal.h
140@@ -21,3 +21,4 @@
141 #define TLS_THREAD
142 #endif
143
144+char* safer_name_suffix(char const*);
145diff --git a/lib/output.c b/lib/output.c
146index a5262ee..af754f1 100644
147--- a/lib/output.c
148+++ b/lib/output.c
149@@ -124,9 +124,9 @@ th_print_long_ls(TAR *t)
150 else
151 printf(" link to ");
152 if ((t->options & TAR_GNU) && t->th_buf.gnu_longlink != NULL)
153- printf("%s", t->th_buf.gnu_longlink);
154+ printf("%s", safer_name_suffix(t->th_buf.gnu_longlink));
155 else
156- printf("%.100s", t->th_buf.linkname);
157+ printf("%.100s", safer_name_suffix(t->th_buf.linkname));
158 }
159
160 putchar('\n');
diff --git a/meta-oe/recipes-support/libtar/files/CVE-2021-33640-CVE-2021-33645-CVE-2021-33646.patch b/meta-oe/recipes-support/libtar/files/CVE-2021-33640-CVE-2021-33645-CVE-2021-33646.patch
new file mode 100644
index 000000000..0a2773fae
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/CVE-2021-33640-CVE-2021-33645-CVE-2021-33646.patch
@@ -0,0 +1,42 @@
1From e590423f62cf5bc922ff4a1f7eab9bf7d65ee472 Mon Sep 17 00:00:00 2001
2From: Kamil Dudka <kdudka@redhat.com>
3Date: Tue, 4 Oct 2022 10:39:35 +0200
4Subject: [PATCH] free memory allocated by gnu_long* fields
5
6Authored by Kamil Dudka <kdudka@redhat.com>.
7
8meta-openembedded uses Debian's release tarball [1]. Debian uses
9repo.or.cz/libtar.git as their upstream [2]. repo.or.cz/libtar.git has
10been inactive since 2013 [3].
11
12CVE: CVE-2021-33640 CVE-2021-33645 CVE-2021-33646
13
14Upstream-Status: Inactive-Upstream [lastrelease: 2013 lastcommit: 2013]
15
16[1] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=master#n8
17[2] http://svn.kibibyte.se/libtar/trunk/debian/control (rev 51; not tagged)
18[3] https://repo.or.cz/libtar.git/shortlog/refs/heads/master
19
20Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
21---
22 lib/handle.c | 7 +++++--
23 1 file changed, 5 insertions(+), 2 deletions(-)
24
25diff --git a/lib/handle.c b/lib/handle.c
26index 28a7dc2..18bd8dc 100644
27--- a/lib/handle.c
28+++ b/lib/handle.c
29@@ -122,8 +122,11 @@ tar_close(TAR *t)
30 libtar_hash_free(t->h, ((t->oflags & O_ACCMODE) == O_RDONLY
31 ? free
32 : (libtar_freefunc_t)tar_dev_free));
33- if (t->th_pathname != NULL)
34- free(t->th_pathname);
35+
36+ free(t->th_pathname);
37+ free(t->th_buf.gnu_longname);
38+ free(t->th_buf.gnu_longlink);
39+
40 free(t);
41
42 return i;
diff --git a/meta-oe/recipes-support/libtar/files/CVE-2021-33643-CVE-2021-33644.patch b/meta-oe/recipes-support/libtar/files/CVE-2021-33643-CVE-2021-33644.patch
new file mode 100644
index 000000000..a61cc3b6a
--- /dev/null
+++ b/meta-oe/recipes-support/libtar/files/CVE-2021-33643-CVE-2021-33644.patch
@@ -0,0 +1,52 @@
1From c778d234c396e78bacef7c9bff0dd2bb9fb6aac8 Mon Sep 17 00:00:00 2001
2From: shixuantong <1726671442@qq.com>
3Date: Wed, 6 Apr 2022 17:40:57 +0800
4Subject: [PATCH] Ensure that sz is greater than 0.
5
6Authored by shixuantong <1726671442@qq.com>.
7
8meta-openembedded uses Debian's release tarball [1]. Debian uses
9repo.or.cz/libtar.git as their upstream [2]. repo.or.cz/libtar.git has
10been inactive since 2013 [3].
11
12CVE: CVE-2021-33643 CVE-2021-33644
13
14Upstream-Status: Inactive-Upstream [lastrelease: 2013 lastcommit: 2013]
15
16[1] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=master#n8
17[2] http://svn.kibibyte.se/libtar/trunk/debian/control (rev 51; not tagged)
18[3] https://repo.or.cz/libtar.git/shortlog/refs/heads/master
19
20Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
21---
22 lib/block.c | 10 ++++++++++
23 1 file changed, 10 insertions(+)
24
25diff --git a/lib/block.c b/lib/block.c
26index 092bc28..f12c4bc 100644
27--- a/lib/block.c
28+++ b/lib/block.c
29@@ -118,6 +118,11 @@ th_read(TAR *t)
30 if (TH_ISLONGLINK(t))
31 {
32 sz = th_get_size(t);
33+ if ((int)sz <= 0)
34+ {
35+ errno = EINVAL;
36+ return -1;
37+ }
38 blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
39 if (blocks > ((size_t)-1 / T_BLOCKSIZE))
40 {
41@@ -168,6 +173,11 @@ th_read(TAR *t)
42 if (TH_ISLONGNAME(t))
43 {
44 sz = th_get_size(t);
45+ if ((int)sz <= 0)
46+ {
47+ errno = EINVAL;
48+ return -1;
49+ }
50 blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
51 if (blocks > ((size_t)-1 / T_BLOCKSIZE))
52 {
diff --git a/meta-oe/recipes-support/libtar/libtar_1.2.20.bb b/meta-oe/recipes-support/libtar/libtar_1.2.20.bb
index f93d9c09a..c7501ac68 100644
--- a/meta-oe/recipes-support/libtar/libtar_1.2.20.bb
+++ b/meta-oe/recipes-support/libtar/libtar_1.2.20.bb
@@ -8,6 +8,18 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=61cbac6719ae682ce6cd45b5c11e21af"
8SRC_URI = "${DEBIAN_MIRROR}/main/libt/${BPN}/${BPN}_${PV}.orig.tar.gz \ 8SRC_URI = "${DEBIAN_MIRROR}/main/libt/${BPN}/${BPN}_${PV}.orig.tar.gz \
9 file://fix_libtool_sysroot.patch \ 9 file://fix_libtool_sysroot.patch \
10 file://0002-Do-not-strip-libtar.patch \ 10 file://0002-Do-not-strip-libtar.patch \
11 file://0003-Fix-missing-prototype-compiler-warnings.patch \
12 file://0004-Fix-invalid-memory-de-reference-issue.patch \
13 file://0005-fix-file-descriptor-leaks-reported-by-cppcheck.patch \
14 file://0006-fix-memleak-on-tar_open-failure.patch \
15 file://0007-fix-memleaks-in-libtar-sample-program.patch \
16 file://0008-decode-avoid-using-a-static-buffer-in-th_get_pathnam.patch \
17 file://0009-Check-for-NULL-before-freeing-th_pathname.patch \
18 file://0010-Added-stdlib.h-for-malloc-in-lib-decode.c.patch \
19 file://0011-libtar-fix-programming-mistakes-detected-by-static-a.patch \
20 file://CVE-2021-33643-CVE-2021-33644.patch \
21 file://CVE-2021-33640-CVE-2021-33645-CVE-2021-33646.patch \
22 file://CVE-2013-4420.patch \
11 " 23 "
12 24
13S = "${WORKDIR}/${BPN}" 25S = "${WORKDIR}/${BPN}"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-15 17:50:20 +0000