author | Andrej Valek <andrej.valek@siemens.com> | 2018-10-10 15:40:14 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-10-11 23:06:35 +0100 |
commit | 31dbe40c9f9c5fe3073fab2a780f7a248995cc82 (patch) | |
tree | c025a25c53482278bbdebbc71ace04d92e26ddfc | |
parent | 8a2e53b525ebc4f50c7384af056cbe67a3913282 (diff) | |
download | poky-31dbe40c9f9c5fe3073fab2a780f7a248995cc82.tar.gz |
libarchive: fix bug1066
Fix out of bounds read on empty string filename for gnutar, pax and v7tar
(From OE-Core rev: 459506272b8800604886f6bd3bc32ee09d7bb906)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/bug1066.patch | 54 | ||||
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive_3.3.3.bb | 1 |
2 files changed, 55 insertions, 0 deletions
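--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/bug1066.patch
@@ -0,0 +1,54 @@
+libarchive-3.3.3: Fix bug1066
+
+[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/1066
+
+archive_write_set_format_*.c: fix out of bounds read on empty string () filename
+for guntar, pax and v7tar
+
+There is an out of bounds read flaw in the archive_write_gnutar_header,
+archive_write_pax_header and archive_write_v7tar_header functions which
+could leds to cause a denial of service.
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/c246ec5d058a3f70a2d3fb765f92fe9db77b25df]
+Bug: 1066
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/libarchive/archive_write_set_format_gnutar.c b/libarchive/archive_write_set_format_gnutar.c
+index 2d858c9..1966c53 100644
+--- a/libarchive/archive_write_set_format_gnutar.c
++++ b/libarchive/archive_write_set_format_gnutar.c
+@@ -339,7 +339,7 @@ archive_write_gnutar_header(struct archive_write *a,
+* case getting WCS failed. On POSIX, this is a
+* normal operation.
+*/
+- if (p != NULL && p[strlen(p) - 1] != '/') {
++ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
+struct archive_string as;
+
+archive_string_init(&as);
+diff --git a/libarchive/archive_write_set_format_pax.c b/libarchive/archive_write_set_format_pax.c
+index 6a301ac..4cfa8ff 100644
+--- a/libarchive/archive_write_set_format_pax.c
++++ b/libarchive/archive_write_set_format_pax.c
+@@ -660,7 +660,7 @@ archive_write_pax_header(struct archive_write *a,
+* case getting WCS failed. On POSIX, this is a
+* normal operation.
+*/
+- if (p != NULL && p[strlen(p) - 1] != '/') {
++ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
+struct archive_string as;
+
+archive_string_init(&as);
+diff --git a/libarchive/archive_write_set_format_v7tar.c b/libarchive/archive_write_set_format_v7tar.c
+index 62b1522..53c0db0 100644
+--- a/libarchive/archive_write_set_format_v7tar.c
++++ b/libarchive/archive_write_set_format_v7tar.c
+@@ -284,7 +284,7 @@ archive_write_v7tar_header(struct archive_write *a, struct archive_entry *entry)
+* case getting WCS failed. On POSIX, this is a
+* normal operation.
+*/
+- if (p != NULL && p[strlen(p) - 1] != '/') {
++ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
+struct archive_string as;
+
+archive_string_init(&as);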
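Review bot: The new `p[0] != '\0'` guard in the three nested hunks (gnutar, pax, v7tar) covers only the narrow-string test, while the context comment describes this branch as the fallback used "in case getting WCS failed", which suggests a wide-character test earlier in each function, outside the hunks. If that earlier test also reads the last character at length minus one, it needs the same empty-string check, so it is worth comparing the backport with the upstream commit named in Upstream-Status to confirm nothing was dropped. A short comment above the condition would keep the guard from being simplified away later, for example `/* empty pathname: strlen(p) - 1 would wrap and index outside the string */`. All three functions start and end outside their hunks.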
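--- a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
@@ -33,6 +33,7 @@ EXTRA_OECONF += "--enable-largefile"
 
 SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
 file://non-recursive-extract-and-list.patch \
+file://bug1066.patch \
 "
 
 SRC_URI[md5sum] = "4038e366ca5b659dae3efcc744e72120"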