From a339f05cd269013fa133d2f148d73f6f7d4247e4 Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff
Date: Sat, 28 Aug 2021 16:02:12 +0300
Subject: Fix handling of extended header prefixes
* src/xheader.c (locate_handler): Recognize prefix keywords only when followed by a dot.
(xattr_decoder): Use xmalloc/xstrdup instead of alloc
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4]
CVE: CVE-2023-39804
Signed-off-by: Vijay Anusuri
---
 src/xheader.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/xheader.c b/src/xheader.c
index 4f8b2b2..3cd694d 100644
--- a/src/xheader.c
+++ b/src/xheader.c
@@ -637,11 +637,11 @@ static struct xhdr_tab const *
 locate_handler (char const *keyword)
 {
 struct xhdr_tab const *p;
-
 for (p = xhdr_tab; p->keyword; p++)
 if (p->prefix)
 {
- if (strncmp (p->keyword, keyword, strlen(p->keyword)) == 0)
+ size_t kwlen = strlen (p->keyword);
+ if (keyword[kwlen] == '.' && strncmp (p->keyword, keyword, kwlen) == 0)
 return p;
 }
 else
@@ -1716,19 +1716,20 @@ xattr_decoder (struct tar_stat_info *st,
 char const *keyword, char const *arg, size_t size)
 {
 char *xstr, *xkey;
-
+
 /* copy keyword */
- size_t klen_raw = strlen (keyword);
- xkey = alloca (klen_raw + 1);
- memcpy (xkey, keyword, klen_raw + 1) /* including null-terminating */;
+ xkey = xstrdup (keyword);
 /* copy value */
- xstr = alloca (size + 1);
+ xstr = xmalloc (size + 1);
 memcpy (xstr, arg, size + 1); /* separator included, for GNU tar '\n' */;
 xattr_decode_keyword (xkey);
- xheader_xattr_add (st, xkey + strlen("SCHILY.xattr."), xstr, size);
+ xheader_xattr_add (st, xkey + strlen ("SCHILY.xattr."), xstr, size);
+
+ free (xkey);
+ free (xstr);
 }
 static void
--
cgit v1.1
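Review bot: In the new condition in locate_handler, `keyword[kwlen]` is evaluated before `strncmp` has shown that `keyword` is at least `kwlen` characters long, so for a keyword shorter than the table entry the index lands past the string's terminating NUL. Whether that byte is still inside the caller's buffer cannot be seen from this hunk, and the keyword presumably comes from the archive being read, so the read should not depend on it. Swapping the operands keeps the result and bounds the access to the terminator at worst: `if (strncmp (p->keyword, keyword, kwlen) == 0 && keyword[kwlen] == '.')`. The `else` branch and the rest of the loop continue outside the hunk.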
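Review bot: Nothing in xattr_decoder records why the copies moved from `alloca` to the heap, so a later cleanup could move them back; a comment above the allocations would pin it, e.g. `/* Heap, not alloca: keyword and value lengths are taken from the extended header and must not size a stack allocation. */`. That `size` is archive-controlled is inferred from the decoder's role and the CVE trailer, not shown in the hunk. The copy `memcpy (xstr, arg, size + 1)` still depends on the caller guaranteeing one readable byte after the value and on `size + 1` not wrapping; the existing comment covers the first but not the second. The blank line after the declarations is replaced by a whitespace-only line, which is unrelated churn.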