mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2654f4f66c8f46724592c5f914e7f5a518435605
poky/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-01.patch
Peter Marko 2654f4f66c libarchive: fix CVE-2025-60753 regression 
Pick patch from PR mentioned in v3.8.5 release notes.

(From OE-Core rev: dc3d99c419a913e66cb73bf098291c21985b0432)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-26 09:49:25 +00:00

77 lines
2.8 KiB
Diff
Raw Blame History

From 3150539edb18690c2c5f81c37fd2d3a35c69ace5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?ARJANEN=20Lo=C3=AFc=20Jean=20David?= <ljd@luigiscorner.mu>
Date: Fri, 14 Nov 2025 20:34:48 +0100
Subject: [PATCH] Fix bsdtar zero-length pattern issue.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Uses the sed-like way (and Java-like, and .Net-like, and Javascript-like…) to fix this issue of advancing the string to be processed by one if the match is zero-length.
Fixes libarchive/libarchive#2725 and solves libarchive/libarchive#2438.
CVE: CVE-2025-60753
Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/3150539edb18690c2c5f81c37fd2d3a35c69ace5]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
tar/subst.c | 19 ++++++++++++-------
tar/test/test_option_s.c | 8 +++++++-
2 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/tar/subst.c b/tar/subst.c
index 9747abb9..902a4d64 100644
--- a/tar/subst.c
+++ b/tar/subst.c
@@ -237,7 +237,9 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
continue;
}
- while (1) {
+ char isEnd = 0;
+ do {
+ isEnd = *name == '\0';
if (regexec(&rule->re, name, 10, matches, 0))
break;
@@ -291,12 +293,15 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
}
realloc_strcat(result, rule->result + j);
-
- name += matches[0].rm_eo;
-
- if (!rule->global)
- break;
- }
+ if (matches[0].rm_eo > 0) {
+ name += matches[0].rm_eo;
+ } else {
+ // We skip a character because the match is 0-length
+ // so we need to add it to the output
+ realloc_strncat(result, name, 1);
+ name += 1;
+ }
+ } while (rule->global && !isEnd); // Testing one step after because sed et al. run 0-length patterns a last time on the empty string at the end
}
if (got_match)
diff --git a/tar/test/test_option_s.c b/tar/test/test_option_s.c
index 564793b9..90b4c471 100644
--- a/tar/test/test_option_s.c
+++ b/tar/test/test_option_s.c
@@ -61,7 +61,13 @@ DEFINE_TEST(test_option_s)
systemf("%s -cf test1_2.tar -s /d1/d2/ in/d1/foo", testprog);
systemf("%s -xf test1_2.tar -C test1", testprog);
assertFileContents("foo", 3, "test1/in/d2/foo");
-
+ systemf("%s -cf test1_3.tar -s /o/#/g in/d1/foo", testprog);
+ systemf("%s -xf test1_3.tar -C test1", testprog);
+ assertFileContents("foo", 3, "test1/in/d1/f##");
+ // For the 0-length pattern check, remember that "test1/" isn't part of the string affected by the regexp
+ systemf("%s -cf test1_4.tar -s /f*/\\<~\\>/g in/d1/foo", testprog);
+ systemf("%s -xf test1_4.tar -C test1", testprog);
+ assertFileContents("foo", 3, "test1/<>i<>n<>/<>d<>1<>/<f><>o<>o<>");
/*
* Test 2: Basic substitution when extracting archive.
*/
Reference in New Issue View Git Blame Copy Permalink