mirror of
https://git.yoctoproject.org/poky
synced 2026-01-29 21:08:42 +01:00
tar: Fix for CVE-2023-39804
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4 (From OE-Core rev: 082c31db387957963952c485a436dc38a64498d0) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Vijay Anusuri
committed by
Steve Sakoman
Steve Sakoman
parent
869db167b1
commit
ea68e06fa2
64
meta/recipes-extended/tar/tar/CVE-2023-39804.patch
Normal file
64
meta/recipes-extended/tar/tar/CVE-2023-39804.patch
Normal file
@@ -0,0 +1,64 @@
|
||||
From a339f05cd269013fa133d2f148d73f6f7d4247e4 Mon Sep 17 00:00:00 2001
|
||||
From: Sergey Poznyakoff <gray@gnu.org>
|
||||
Date: Sat, 28 Aug 2021 16:02:12 +0300
|
||||
Subject: Fix handling of extended header prefixes
|
||||
|
||||
* src/xheader.c (locate_handler): Recognize prefix keywords only
|
||||
when followed by a dot.
|
||||
(xattr_decoder): Use xmalloc/xstrdup instead of alloc
|
||||
|
||||
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4]
|
||||
CVE: CVE-2023-39804
|
||||
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
|
||||
---
|
||||
src/xheader.c | 17 +++++++++--------
|
||||
1 file changed, 9 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/xheader.c b/src/xheader.c
|
||||
index 4f8b2b2..3cd694d 100644
|
||||
--- a/src/xheader.c
|
||||
+++ b/src/xheader.c
|
||||
@@ -637,11 +637,11 @@ static struct xhdr_tab const *
|
||||
locate_handler (char const *keyword)
|
||||
{
|
||||
struct xhdr_tab const *p;
|
||||
-
|
||||
for (p = xhdr_tab; p->keyword; p++)
|
||||
if (p->prefix)
|
||||
{
|
||||
- if (strncmp (p->keyword, keyword, strlen(p->keyword)) == 0)
|
||||
+ size_t kwlen = strlen (p->keyword);
|
||||
+ if (keyword[kwlen] == '.' && strncmp (p->keyword, keyword, kwlen) == 0)
|
||||
return p;
|
||||
}
|
||||
else
|
||||
@@ -1716,19 +1716,20 @@ xattr_decoder (struct tar_stat_info *st,
|
||||
char const *keyword, char const *arg, size_t size)
|
||||
{
|
||||
char *xstr, *xkey;
|
||||
-
|
||||
+
|
||||
/* copy keyword */
|
||||
- size_t klen_raw = strlen (keyword);
|
||||
- xkey = alloca (klen_raw + 1);
|
||||
- memcpy (xkey, keyword, klen_raw + 1) /* including null-terminating */;
|
||||
+ xkey = xstrdup (keyword);
|
||||
|
||||
/* copy value */
|
||||
- xstr = alloca (size + 1);
|
||||
+ xstr = xmalloc (size + 1);
|
||||
memcpy (xstr, arg, size + 1); /* separator included, for GNU tar '\n' */;
|
||||
|
||||
xattr_decode_keyword (xkey);
|
||||
|
||||
- xheader_xattr_add (st, xkey + strlen("SCHILY.xattr."), xstr, size);
|
||||
+ xheader_xattr_add (st, xkey + strlen ("SCHILY.xattr."), xstr, size);
|
||||
+
|
||||
+ free (xkey);
|
||||
+ free (xstr);
|
||||
}
|
||||
|
||||
static void
|
||||
--
|
||||
cgit v1.1
|
||||
|
||||
@@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
|
||||
file://musl_dirent.patch \
|
||||
file://CVE-2021-20193.patch \
|
||||
file://CVE-2022-48303.patch \
|
||||
file://CVE-2023-39804.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "17917356fff5cb4bd3cd5a6c3e727b05"
|
||||
|
||||
Reference in New Issue
Block a user