path: root/meta/recipes-extended/tar/tar/CVE-2023-39804.patch
From a339f05cd269013fa133d2f148d73f6f7d4247e4 Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org>
Date: Sat, 28 Aug 2021 16:02:12 +0300
Subject: Fix handling of extended header prefixes

* src/xheader.c (locate_handler): Recognize prefix keywords only
when followed by a dot.
(xattr_decoder): Use xmalloc/xstrdup instead of alloca.

Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4]
CVE: CVE-2023-39804
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 src/xheader.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/xheader.c b/src/xheader.c
index 4f8b2b2..3cd694d 100644
--- a/src/xheader.c
+++ b/src/xheader.c
@@ -637,11 +637,11 @@ static struct xhdr_tab const *
 locate_handler (char const *keyword)
 {
   struct xhdr_tab const *p;
-
   for (p = xhdr_tab; p->keyword; p++)
     if (p->prefix)
       {
-        if (strncmp (p->keyword, keyword, strlen(p->keyword)) == 0)
+	size_t kwlen = strlen (p->keyword);
+        if (keyword[kwlen] == '.' && strncmp (p->keyword, keyword, kwlen) == 0)
           return p;
       }
     else
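Review bot: In the added condition, `keyword[kwlen]` is read before `strncmp` has established that `keyword` is at least `kwlen` characters long, so a keyword shorter than the table entry is indexed past its terminating NUL. Swapping the operands gives the same result and keeps the index in bounds, because a zero `strncmp` over `kwlen` bytes means `keyword` has no NUL before that offset: `if (strncmp (p->keyword, keyword, kwlen) == 0 && keyword[kwlen] == '.')`. Whether the over-read can leave the underlying buffer depends on how callers store the keyword, which is not visible here. The loop's `else` branch continues outside the hunk.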
@@ -1716,19 +1716,20 @@ xattr_decoder (struct tar_stat_info *st,
                char const *keyword, char const *arg, size_t size)
 {
   char *xstr, *xkey;
-
+  
   /* copy keyword */
-  size_t klen_raw = strlen (keyword);
-  xkey = alloca (klen_raw + 1);
-  memcpy (xkey, keyword, klen_raw + 1) /* including null-terminating */;
+  xkey = xstrdup (keyword);
 
   /* copy value */
-  xstr = alloca (size + 1);
+  xstr = xmalloc (size + 1);
   memcpy (xstr, arg, size + 1); /* separator included, for GNU tar '\n' */;
 
   xattr_decode_keyword (xkey);
 
-  xheader_xattr_add (st, xkey + strlen("SCHILY.xattr."), xstr, size);
+  xheader_xattr_add (st, xkey + strlen ("SCHILY.xattr."), xstr, size);
+
+  free (xkey);
+  free (xstr);
 }
 
 static void
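Review bot: The offset `xkey + strlen ("SCHILY.xattr.")` stays inside the `xstrdup` copy only when the keyword carries that full prefix including the dot, which `xattr_decoder` itself never checks; it presumably relies on the dispatch in `locate_handler` (first hunk), and nothing here records that. A comment above the call would make the dependency explicit, e.g. `/* locate_handler only dispatches here for keywords starting with "SCHILY.xattr." */`. The added `free (xkey);` and `free (xstr);` are correct only if `xheader_xattr_add` copies both strings rather than keeping the pointers; that function is outside the hunk, so this is worth confirming. The blank line after the declarations was also replaced by a whitespace-only line, which looks unintentional.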
-- 
cgit v1.1