libarchive: fix bug1066

Fix out of bounds read on empty string filename for guntar, pax and v7tar (From OE-Core rev: 459506272b8800604886f6bd3bc32ee09d7bb906) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Andrej Valek <andrej.valek@siemens.com> 2018-10-10 15:40:14 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-10-11 23:06:35 +0100
commit: 31dbe40c9f9c5fe3073fab2a780f7a248995cc82 (patch)
tree: c025a25c53482278bbdebbc71ace04d92e26ddfc /meta/recipes-extended
parent: 8a2e53b525ebc4f50c7384af056cbe67a3913282 (diff)
download: poky-31dbe40c9f9c5fe3073fab2a780f7a248995cc82.tar.gz
2 files changed, 55 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/bug1066.patch b/meta/recipes-extended/libarchive/libarchive/bug1066.patch
new file mode 100644
index 0000000000..0a662b57b4
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/bug1066.patch
@@ -0,0 +1,54 @@
+libarchive-3.3.3: Fix bug1066
+[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/1066
+archive_write_set_format_*.c: fix out of bounds read on empty string () filename
+for guntar, pax and v7tar
+There is an out of bounds read flaw in the archive_write_gnutar_header,
+archive_write_pax_header and archive_write_v7tar_header functions which
+could leds to cause a denial of service.
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/c246ec5d058a3f70a2d3fb765f92fe9db77b25df]
+Bug: 1066
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+diff --git a/libarchive/archive_write_set_format_gnutar.c b/libarchive/archive_write_set_format_gnutar.c
+index 2d858c9..1966c53 100644
+--- a/libarchive/archive_write_set_format_gnutar.c
+++ b/libarchive/archive_write_set_format_gnutar.c
+@@ -339,7 +339,7 @@ archive_write_gnutar_header(struct archive_write *a,
+                 * case getting WCS failed. On POSIX, this is a
+                 * normal operation.
+                 */
+-               if (p != NULL && p[strlen(p) - 1] != '/') {
+               if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
+                        struct archive_string as;
+ 
+                        archive_string_init(&as);
+diff --git a/libarchive/archive_write_set_format_pax.c b/libarchive/archive_write_set_format_pax.c
+index 6a301ac..4cfa8ff 100644
+--- a/libarchive/archive_write_set_format_pax.c
+++ b/libarchive/archive_write_set_format_pax.c
+@@ -660,7 +660,7 @@ archive_write_pax_header(struct archive_write *a,
+                         * case getting WCS failed. On POSIX, this is a
+                         * normal operation.
+                         */
+-                       if (p != NULL && p[strlen(p) - 1] != '/') {
+                       if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
+                                struct archive_string as;
+ 
+                                archive_string_init(&as);
+diff --git a/libarchive/archive_write_set_format_v7tar.c b/libarchive/archive_write_set_format_v7tar.c
+index 62b1522..53c0db0 100644
+--- a/libarchive/archive_write_set_format_v7tar.c
+++ b/libarchive/archive_write_set_format_v7tar.c
+@@ -284,7 +284,7 @@ archive_write_v7tar_header(struct archive_write *a, struct archive_entry *entry)
+                 * case getting WCS failed. On POSIX, this is a
+                 * normal operation.
+                 */
+-               if (p != NULL && p[strlen(p) - 1] != '/') {
+               if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
+                        struct archive_string as;
+ 
+                        archive_string_init(&as);
diff --git a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
index eabab16770..46a3d43762 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
@@ -33,6 +33,7 @@ EXTRA_OECONF += "--enable-largefile"
 SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
           file://non-recursive-extract-and-list.patch \
+           file://bug1066.patch \
 "
 SRC_URI[md5sum] = "4038e366ca5b659dae3efcc744e72120"
author	Andrej Valek <andrej.valek@siemens.com>	2018-10-10 15:40:14 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-10-11 23:06:35 +0100
commit	31dbe40c9f9c5fe3073fab2a780f7a248995cc82 (patch)
tree	c025a25c53482278bbdebbc71ace04d92e26ddfc /meta/recipes-extended
parent	8a2e53b525ebc4f50c7384af056cbe67a3913282 (diff)
download	poky-31dbe40c9f9c5fe3073fab2a780f7a248995cc82.tar.gz

diff --git a/meta/recipes-extended/libarchive/libarchive/bug1066.patch b/meta/recipes-extended/libarchive/libarchive/bug1066.patch new file mode 100644 index 0000000000..0a662b57b4 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/bug1066.patch
@@ -0,0 +1,54 @@
		1	libarchive-3.3.3: Fix bug1066
		2
		3	[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/1066
		4
		5	archive_write_set_format_*.c: fix out of bounds read on empty string () filename
		6	for guntar, pax and v7tar
		7
		8	There is an out of bounds read flaw in the archive_write_gnutar_header,
		9	archive_write_pax_header and archive_write_v7tar_header functions which
		10	could leds to cause a denial of service.
		11
		12	Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/c246ec5d058a3f70a2d3fb765f92fe9db77b25df]
		13	Bug: 1066
		14	Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
		15
		16	diff --git a/libarchive/archive_write_set_format_gnutar.c b/libarchive/archive_write_set_format_gnutar.c
		17	index 2d858c9..1966c53 100644
		18	--- a/libarchive/archive_write_set_format_gnutar.c
		19	+++ b/libarchive/archive_write_set_format_gnutar.c
		20	@@ -339,7 +339,7 @@ archive_write_gnutar_header(struct archive_write *a,
		21	* case getting WCS failed. On POSIX, this is a
		22	* normal operation.
		23	*/
		24	- if (p != NULL && p[strlen(p) - 1] != '/') {
		25	+ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
		26	struct archive_string as;
		27
		28	archive_string_init(&as);
		29	diff --git a/libarchive/archive_write_set_format_pax.c b/libarchive/archive_write_set_format_pax.c
		30	index 6a301ac..4cfa8ff 100644
		31	--- a/libarchive/archive_write_set_format_pax.c
		32	+++ b/libarchive/archive_write_set_format_pax.c
		33	@@ -660,7 +660,7 @@ archive_write_pax_header(struct archive_write *a,
		34	* case getting WCS failed. On POSIX, this is a
		35	* normal operation.
		36	*/
		37	- if (p != NULL && p[strlen(p) - 1] != '/') {
		38	+ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
		39	struct archive_string as;
		40
		41	archive_string_init(&as);
		42	diff --git a/libarchive/archive_write_set_format_v7tar.c b/libarchive/archive_write_set_format_v7tar.c
		43	index 62b1522..53c0db0 100644
		44	--- a/libarchive/archive_write_set_format_v7tar.c
		45	+++ b/libarchive/archive_write_set_format_v7tar.c
		46	@@ -284,7 +284,7 @@ archive_write_v7tar_header(struct archive_write a, struct archive_entry entry)
		47	* case getting WCS failed. On POSIX, this is a
		48	* normal operation.
		49	*/
		50	- if (p != NULL && p[strlen(p) - 1] != '/') {
		51	+ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
		52	struct archive_string as;
		53
		54	archive_string_init(&as);


diff --git a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb index eabab16770..46a3d43762 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
@@ -33,6 +33,7 @@ EXTRA_OECONF += "--enable-largefile"
33		33
34	SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \	34	SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
35	file://non-recursive-extract-and-list.patch \	35	file://non-recursive-extract-and-list.patch \
		36	file://bug1066.patch \
36	"	37	"
37		38
38	SRC_URI[md5sum] = "4038e366ca5b659dae3efcc744e72120"	39	SRC_URI[md5sum] = "4038e366ca5b659dae3efcc744e72120"