summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/tar/tar/CVE-2023-39804.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-extended/tar/tar/CVE-2023-39804.patch')
-rw-r--r--meta/recipes-extended/tar/tar/CVE-2023-39804.patch64
1 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-extended/tar/tar/CVE-2023-39804.patch b/meta/recipes-extended/tar/tar/CVE-2023-39804.patch
new file mode 100644
index 0000000000..f550928540
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2023-39804.patch
@@ -0,0 +1,64 @@
+From a339f05cd269013fa133d2f148d73f6f7d4247e4 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Sat, 28 Aug 2021 16:02:12 +0300
+Subject: Fix handling of extended header prefixes
+
+* src/xheader.c (locate_handler): Recognize prefix keywords only
+when followed by a dot.
+(xattr_decoder): Use xmalloc/xstrdup instead of alloc
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4]
+CVE: CVE-2023-39804
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/xheader.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/src/xheader.c b/src/xheader.c
+index 4f8b2b2..3cd694d 100644
+--- a/src/xheader.c
++++ b/src/xheader.c
+@@ -637,11 +637,11 @@ static struct xhdr_tab const *
+ locate_handler (char const *keyword)
+ {
+ struct xhdr_tab const *p;
+-
+ for (p = xhdr_tab; p->keyword; p++)
+ if (p->prefix)
+ {
+- if (strncmp (p->keyword, keyword, strlen(p->keyword)) == 0)
++ size_t kwlen = strlen (p->keyword);
++ if (keyword[kwlen] == '.' && strncmp (p->keyword, keyword, kwlen) == 0)
+ return p;
+ }
+ else
+@@ -1716,19 +1716,20 @@ xattr_decoder (struct tar_stat_info *st,
+ char const *keyword, char const *arg, size_t size)
+ {
+ char *xstr, *xkey;
+-
++
+ /* copy keyword */
+- size_t klen_raw = strlen (keyword);
+- xkey = alloca (klen_raw + 1);
+- memcpy (xkey, keyword, klen_raw + 1) /* including null-terminating */;
++ xkey = xstrdup (keyword);
+
+ /* copy value */
+- xstr = alloca (size + 1);
++ xstr = xmalloc (size + 1);
+ memcpy (xstr, arg, size + 1); /* separator included, for GNU tar '\n' */;
+
+ xattr_decode_keyword (xkey);
+
+- xheader_xattr_add (st, xkey + strlen("SCHILY.xattr."), xstr, size);
++ xheader_xattr_add (st, xkey + strlen ("SCHILY.xattr."), xstr, size);
++
++ free (xkey);
++ free (xstr);
+ }
+
+ static void
+--
+cgit v1.1
+
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-02 21:32:29 +0000