Tar: Security fix CVE-2019-0023

author Armin Kuster <akuster@mvista.com>

Wed, 29 May 2019 21:03:16 +0000 (14:03 -0700)

committer Armin Kuster <akuster808@gmail.com>

Tue, 25 Jun 2019 14:26:36 +0000 (07:26 -0700)
author Armin Kuster <akuster@mvista.com>
Wed, 29 May 2019 21:03:16 +0000 (14:03 -0700)
committer Armin Kuster <akuster808@gmail.com>
Tue, 25 Jun 2019 14:26:36 +0000 (07:26 -0700)
diff --git a/meta/recipes-extended/tar/tar/CVE-2019-9923.patch b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch

new file mode 100644 (file)

index 0000000..146cbff
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch
@@ -0,0 +1,38 @@
+From cb07844454d8cc9fb21f53ace75975f91185a120 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Mon, 14 Jan 2019 15:22:09 +0200
+Subject: [PATCH] Fix possible NULL dereference (savannah bug #55369)
+
+* src/sparse.c (pax_decode_header): Check return from find_next_block.
+
+Upstream-Status: Backport
+CVE:  CVE-2019-9923
+Affects: tar < 1.32
+Signed-off-by: Armin kuster <akuster@mvista.com>
+
+---
+ src/sparse.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+Index: tar-1.30/src/sparse.c
+===================================================================
+--- tar-1.30.orig/src/sparse.c
++++ tar-1.30/src/sparse.c
+@@ -1231,6 +1231,8 @@ pax_decode_header (struct tar_sparse_fil
+          set_next_block_after (b);                               \
+            file->dumped_size += BLOCKSIZE;                         \
+            b = find_next_block ();                                 \
++           if (!b)                                                 \
++             FATAL_ERROR ((0, 0, _("Unexpected EOF in archive"))); \
+            src = b->buffer;                                        \
+          endp = b->buffer + BLOCKSIZE;                           \
+        }                                                         \
+@@ -1243,6 +1245,8 @@ pax_decode_header (struct tar_sparse_fil
+       set_next_block_after (current_header);
+       file->dumped_size += BLOCKSIZE;
+       blk = find_next_block ();
++      if (!blk)
++        FATAL_ERROR ((0, 0, _("Unexpected EOF in archive")));
+       p = blk->buffer;
+       COPY_BUF (blk,nbuf,p);
+       if (!decode_num (&u, nbuf, TYPE_MAXIMUM (size_t)))
diff --git a/meta/recipes-extended/tar/tar_1.30.bb b/meta/recipes-extended/tar/tar_1.30.bb

index bd24f4762f4e98a3a7ca178f1fbbb9efe00f8e75..ab1b33b37888e2394b8ceb1e187ca71fe808cd41 100644 (file)
--- a/meta/recipes-extended/tar/tar_1.30.bb
+++ b/meta/recipes-extended/tar/tar_1.30.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
  SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
             file://remove-gets.patch \
             file://musl_dirent.patch \
+           file://CVE-2019-9923.patch \
  "
  
  SRC_URI[md5sum] = "8404e4c1fc5a3000228ab2b8ad674a65"
author	Armin Kuster <akuster@mvista.com>
	Wed, 29 May 2019 21:03:16 +0000 (14:03 -0700)
committer	Armin Kuster <akuster808@gmail.com>
	Tue, 25 Jun 2019 14:26:36 +0000 (07:26 -0700)
meta/recipes-extended/tar/tar/CVE-2019-9923.patch	[new file with mode: 0644]	patch \| blob
meta/recipes-extended/tar/tar_1.30.bb		patch \| blob \| history