libarchive: fix bug1066

Fix out of bounds read on empty string filename for guntar, pax and v7tar

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-extended/libarchive/libarchive/bug1066.patch b/meta/recipes-extended/libarchive/libarchive/bug1066.patch
new file mode 100644 (file)
index 0000000..0a662b5
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/bug1066.patch
@@ -0,0 +1,54 @@
+libarchive-3.3.3: Fix bug1066
+
+[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/1066
+
+archive_write_set_format_*.c: fix out of bounds read on empty string () filename
+for guntar, pax and v7tar
+
+There is an out of bounds read flaw in the archive_write_gnutar_header,
+archive_write_pax_header and archive_write_v7tar_header functions which
+could leds to cause a denial of service.
+
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/c246ec5d058a3f70a2d3fb765f92fe9db77b25df]
+Bug: 1066
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/libarchive/archive_write_set_format_gnutar.c b/libarchive/archive_write_set_format_gnutar.c
+index 2d858c9..1966c53 100644
+--- a/libarchive/archive_write_set_format_gnutar.c
++++ b/libarchive/archive_write_set_format_gnutar.c
+@@ -339,7 +339,7 @@ archive_write_gnutar_header(struct archive_write *a,
+                * case getting WCS failed. On POSIX, this is a
+                * normal operation.
+                */
+-              if (p != NULL && p[strlen(p) - 1] != '/') {
++              if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
+                       struct archive_string as;
+ 
+                       archive_string_init(&as);
+diff --git a/libarchive/archive_write_set_format_pax.c b/libarchive/archive_write_set_format_pax.c
+index 6a301ac..4cfa8ff 100644
+--- a/libarchive/archive_write_set_format_pax.c
++++ b/libarchive/archive_write_set_format_pax.c
+@@ -660,7 +660,7 @@ archive_write_pax_header(struct archive_write *a,
+                        * case getting WCS failed. On POSIX, this is a
+                        * normal operation.
+                        */
+-                      if (p != NULL && p[strlen(p) - 1] != '/') {
++                      if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
+                               struct archive_string as;
+ 
+                               archive_string_init(&as);
+diff --git a/libarchive/archive_write_set_format_v7tar.c b/libarchive/archive_write_set_format_v7tar.c
+index 62b1522..53c0db0 100644
+--- a/libarchive/archive_write_set_format_v7tar.c
++++ b/libarchive/archive_write_set_format_v7tar.c
+@@ -284,7 +284,7 @@ archive_write_v7tar_header(struct archive_write *a, struct archive_entry *entry)
+                * case getting WCS failed. On POSIX, this is a
+                * normal operation.
+                */
+-              if (p != NULL && p[strlen(p) - 1] != '/') {
++              if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
+                       struct archive_string as;
+ 
+                       archive_string_init(&as);

diff --git a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
index eabab16770888c67bab4b7bd1dfb428f93d8cdd0..46a3d437626897e2a4fda4bc5d32cc66e23bc822 100644 (file)
--- a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
@@ -33,6 +33,7 @@ EXTRA_OECONF += "--enable-largefile"
 
 SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
            file://non-recursive-extract-and-list.patch \
+           file://bug1066.patch \
 "
 
 SRC_URI[md5sum] = "4038e366ca5b659dae3efcc744e72120"