author | ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> | 2020-03-30 09:24:26 +0900 |
---|---|---|
committer | ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> | 2020-03-30 09:24:26 +0900 |
commit | 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch) | |
tree | b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/poky/meta/recipes-extended/libarchive/libarchive/bug1066.patch | |
parent | 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff) |
agl-basesystem
Diffstat (limited to 'external/poky/meta/recipes-extended/libarchive/libarchive/bug1066.patch')
-rw-r--r-- | external/poky/meta/recipes-extended/libarchive/libarchive/bug1066.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/external/poky/meta/recipes-extended/libarchive/libarchive/bug1066.patch b/external/poky/meta/recipes-extended/libarchive/libarchive/bug1066.patch
new file mode 100644
index 00000000..0a662b57
--- /dev/null
+++ b/external/poky/meta/recipes-extended/libarchive/libarchive/bug1066.patch
@@ -0,0 +1,54 @@
+libarchive-3.3.3: Fix bug1066
+
+[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/1066
+
+archive_write_set_format_*.c: fix out of bounds read on empty string () filename
+for guntar, pax and v7tar
+
+There is an out of bounds read flaw in the archive_write_gnutar_header,
+archive_write_pax_header and archive_write_v7tar_header functions which
+could leds to cause a denial of service.
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/c246ec5d058a3f70a2d3fb765f92fe9db77b25df]
+Bug: 1066
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/libarchive/archive_write_set_format_gnutar.c b/libarchive/archive_write_set_format_gnutar.c
+index 2d858c9..1966c53 100644
+--- a/libarchive/archive_write_set_format_gnutar.c
++++ b/libarchive/archive_write_set_format_gnutar.c
+@@ -339,7 +339,7 @@ archive_write_gnutar_header(struct archive_write *a,
+ * case getting WCS failed. On POSIX, this is a
+ * normal operation.
+ */
+- if (p != NULL && p[strlen(p) - 1] != '/') {
++ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
+ struct archive_string as;
+
+ archive_string_init(&as);
+diff --git a/libarchive/archive_write_set_format_pax.c b/libarchive/archive_write_set_format_pax.c
+index 6a301ac..4cfa8ff 100644
+--- a/libarchive/archive_write_set_format_pax.c
++++ b/libarchive/archive_write_set_format_pax.c
+@@ -660,7 +660,7 @@ archive_write_pax_header(struct archive_write *a,
+ * case getting WCS failed. On POSIX, this is a
+ * normal operation.
+ */
+- if (p != NULL && p[strlen(p) - 1] != '/') {
++ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
+ struct archive_string as;
+
+ archive_string_init(&as);
+diff --git a/libarchive/archive_write_set_format_v7tar.c b/libarchive/archive_write_set_format_v7tar.c
+index 62b1522..53c0db0 100644
+--- a/libarchive/archive_write_set_format_v7tar.c
++++ b/libarchive/archive_write_set_format_v7tar.c
+@@ -284,7 +284,7 @@ archive_write_v7tar_header(struct archive_write *a, struct archive_entry *entry)
+ * case getting WCS failed. On POSIX, this is a
+ * normal operation.
+ */
+- if (p != NULL && p[strlen(p) - 1] != '/') {
++ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
+ struct archive_string as;
+
+ archive_string_init(&as);
+ |
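Review bot: The patch header records `Upstream-Status` and `Bug: 1066` but no `CVE:` line, so if an identifier was ever assigned to this out-of-bounds read, tooling that matches patch tags against advisories would still report the recipe as unfixed; in that case add `CVE: <CVE-ID-PLACEHOLDER>` next to the `Bug:` line. The new `p[0] != '\0'` test sits in front of `p[strlen(p) - 1]` in all three header writers, which is the right order, since `strlen(p) - 1` wraps around for an empty pathname. The diffstat on this page is limited to the patch file, so the `SRC_URI` entry that makes the recipe apply it is not visible here and should be confirmed. Each inner hunk shows only the condition and three lines after it, so what the writers do with an empty-named directory entry once the branch is skipped cannot be judged from this page.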