diff options
author | Armin Kuster <akuster@mvista.com> | 2019-05-29 14:03:16 -0700 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2019-06-25 07:26:36 -0700 |
commit | fc77edc8245ab90eee1f1e857f470b6842dc256f (patch) | |
tree | b44852b0c711ad3f605ae5f5aba6f79ec8bf2a4d | |
parent | 249447828cd1ed13f9faf19793208b503acf0d30 (diff) | |
download | openembedded-core-contrib-fc77edc8245ab90eee1f1e857f470b6842dc256f.tar.gz |
Tar: Security fix CVE-2019-0023
Source: tar.git
MR: 97928
Type: Security Fix
Disposition: Backport from http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
ChangeID: 7aee4c0daf8ce813242fe7b872583560a32bc4e3
Description:
Affects tar < 1.32
fixes CVE-2019-9923
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta/recipes-extended/tar/tar/CVE-2019-9923.patch | 38 | ||||
-rw-r--r-- | meta/recipes-extended/tar/tar_1.30.bb | 1 |
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-extended/tar/tar/CVE-2019-9923.patch b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch new file mode 100644 index 0000000000..146cbffea5 --- /dev/null +++ b/meta/recipes-extended/tar/tar/CVE-2019-9923.patch @@ -0,0 +1,38 @@ +From cb07844454d8cc9fb21f53ace75975f91185a120 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff <gray@gnu.org> +Date: Mon, 14 Jan 2019 15:22:09 +0200 +Subject: [PATCH] Fix possible NULL dereference (savannah bug #55369) + +* src/sparse.c (pax_decode_header): Check return from find_next_block. + +Upstream-Status: Backport +CVE: CVE-2019-9923 +Affects: tar < 1.32 +Signed-off-by: Armin kuster <akuster@mvista.com> + +--- + src/sparse.c | 4 ++++ + 1 file changed, 4 insertions(+) + +Index: tar-1.30/src/sparse.c +=================================================================== +--- tar-1.30.orig/src/sparse.c ++++ tar-1.30/src/sparse.c +@@ -1231,6 +1231,8 @@ pax_decode_header (struct tar_sparse_fil + set_next_block_after (b); \ + file->dumped_size += BLOCKSIZE; \ + b = find_next_block (); \ ++ if (!b) \ ++ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive"))); \ + src = b->buffer; \ + endp = b->buffer + BLOCKSIZE; \ + } \ +@@ -1243,6 +1245,8 @@ pax_decode_header (struct tar_sparse_fil + set_next_block_after (current_header); + file->dumped_size += BLOCKSIZE; + blk = find_next_block (); ++ if (!blk) ++ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive"))); + p = blk->buffer; + COPY_BUF (blk,nbuf,p); + if (!decode_num (&u, nbuf, TYPE_MAXIMUM (size_t))) diff --git a/meta/recipes-extended/tar/tar_1.30.bb b/meta/recipes-extended/tar/tar_1.30.bb index bd24f4762f..ab1b33b378 100644 --- a/meta/recipes-extended/tar/tar_1.30.bb +++ b/meta/recipes-extended/tar/tar_1.30.bb @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \ file://remove-gets.patch \ file://musl_dirent.patch \ + file://CVE-2019-9923.patch \ " SRC_URI[md5sum] = "8404e4c1fc5a3000228ab2b8ad674a65" |