summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-extended/tar/tar/CVE-2019-9923.patch38
-rw-r--r--meta/recipes-extended/tar/tar_1.31.bb1
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-extended/tar/tar/CVE-2019-9923.patch b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch
new file mode 100644
index 0000000000..a2704c3355
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch
@@ -0,0 +1,38 @@
1From cb07844454d8cc9fb21f53ace75975f91185a120 Mon Sep 17 00:00:00 2001
2From: Sergey Poznyakoff <gray@gnu.org>
3Date: Mon, 14 Jan 2019 15:22:09 +0200
4Subject: [PATCH] Fix possible NULL dereference (savannah bug #55369)
5
6* src/sparse.c (pax_decode_header): Check return from find_next_block.
7
8Upstream-Status: Backport
9CVE: CVE-2019-9923
10Affects: tar < 1.32
11Signed-off-by: Armin kuster <akuster@mvista.com>
12
13---
14 src/sparse.c | 4 ++++
15 1 file changed, 4 insertions(+)
16
17Index: tar-1.31/src/sparse.c
18===================================================================
19--- tar-1.31.orig/src/sparse.c
20+++ tar-1.31/src/sparse.c
21@@ -1267,6 +1267,8 @@ pax_decode_header (struct tar_sparse_fil
22 { \
23 set_next_block_after (b); \
24 b = find_next_block (); \
25+ if (!b) \
26+ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive"))); \
27 src = b->buffer; \
28 endp = b->buffer + BLOCKSIZE; \
29 } \
30@@ -1279,6 +1281,8 @@ pax_decode_header (struct tar_sparse_fil
31 start = current_block_ordinal ();
32 set_next_block_after (current_header);
33 blk = find_next_block ();
34+ if (!blk)
35+ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive")));
36 p = blk->buffer;
37 COPY_BUF (blk,nbuf,p);
38 if (!decode_num (&u, nbuf, TYPE_MAXIMUM (size_t)))
diff --git a/meta/recipes-extended/tar/tar_1.31.bb b/meta/recipes-extended/tar/tar_1.31.bb
index 353617e95f..4a9d03cbc1 100644
--- a/meta/recipes-extended/tar/tar_1.31.bb
+++ b/meta/recipes-extended/tar/tar_1.31.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
9SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \ 9SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
10 file://remove-gets.patch \ 10 file://remove-gets.patch \
11 file://musl_dirent.patch \ 11 file://musl_dirent.patch \
12 file://CVE-2019-9923.patch \
12" 13"
13 14
14SRC_URI[md5sum] = "77afa35b696c8d760331fa0e12c2fac9" 15SRC_URI[md5sum] = "77afa35b696c8d760331fa0e12c2fac9"