rpms / libarchive

Clone
Source Code
GIT

Blame SOURCES/fix-use-after-free-in-delayed-newc.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   a04789ba7ea0e0b9e3d4404fd38311468e8f7581
  2.   SOURCES
  3.   fix-use-after-free-in-delayed-newc.patch
Blob History Raw
8bbbd5 
From 6a71cce7ed735f83f9a6a6bad8beaa47f8d14734 Mon Sep 17 00:00:00 2001
8bbbd5 
From: Ondrej Dubaj <odubaj@redhat.com>
8bbbd5 
Date: Mon, 27 May 2019 10:06:14 +0200
8bbbd5 
Subject: [PATCH 1/2] Fix use-after-free in delayed link processing (newc
8bbbd5 
 format)
8bbbd5
8bbbd5 
During archiving, if some of the "delayed" hard link entries
8bbbd5 
happened to disappear on filesystem (or become unreadable) for
8bbbd5 
some reason (most probably race), the old code free()d the 'entry'
8bbbd5 
and continued with the loop;  the next loop though dereferenced
8bbbd5 
'entry' and crashed the archiver.
8bbbd5
8bbbd5 
Per report from Coverity.
8bbbd5 
---
8bbbd5 
 tar/write.c | 9 ++++-----
8bbbd5 
 1 file changed, 4 insertions(+), 5 deletions(-)
8bbbd5
8bbbd5 
diff --git a/tar/write.c b/tar/write.c
8bbbd5 
index 9c24566..3970de2 100644
8bbbd5 
--- a/tar/write.c
8bbbd5 
+++ b/tar/write.c
8bbbd5 
@@ -540,8 +540,7 @@ write_archive(struct archive *a, struct bsdtar *bsdtar)
8bbbd5 
 			lafe_warnc(archive_errno(disk),
8bbbd5 
 			    "%s", archive_error_string(disk));
8bbbd5 
 			bsdtar->return_value = 1;
8bbbd5 
-			archive_entry_free(entry);
8bbbd5 
-			continue;
8bbbd5 
+			goto next_entry;
8bbbd5 
 		}
8bbbd5
8bbbd5 
 		/*
8bbbd5 
@@ -559,13 +558,13 @@ write_archive(struct archive *a, struct bsdtar *bsdtar)
8bbbd5 
 				bsdtar->return_value = 1;
8bbbd5 
 			else
8bbbd5 
 				archive_read_close(disk);
8bbbd5 
-			archive_entry_free(entry);
8bbbd5 
-			continue;
8bbbd5 
+			goto next_entry;
8bbbd5 
 		}
8bbbd5
8bbbd5 
 		write_file(bsdtar, a, entry);
8bbbd5 
-		archive_entry_free(entry);
8bbbd5 
 		archive_read_close(disk);
8bbbd5 
+next_entry:
8bbbd5 
+		archive_entry_free(entry);
8bbbd5 
 		entry = NULL;
8bbbd5 
 		archive_entry_linkify(bsdtar->resolver, &entry, &sparse_entry);
8bbbd5 
 	}
8bbbd5 
--
8bbbd5 
2.17.1
8bbbd5
8bbbd5
8bbbd5 
From a999ca882aeb8fce4f4f2ee1317f528984b47e8e Mon Sep 17 00:00:00 2001
8bbbd5 
From: Ondrej Dubaj <odubaj@redhat.com>
8bbbd5 
Date: Mon, 27 May 2019 10:34:48 +0200
8bbbd5 
Subject: [PATCH 2/2] call missing archive_read_close() in write_archive()
8bbbd5
8bbbd5 
---
8bbbd5 
 tar/write.c | 3 +--
8bbbd5 
 1 file changed, 1 insertion(+), 2 deletions(-)
8bbbd5
8bbbd5 
diff --git a/tar/write.c b/tar/write.c
8bbbd5 
index 3970de2..63c619c 100644
8bbbd5 
--- a/tar/write.c
8bbbd5 
+++ b/tar/write.c
8bbbd5 
@@ -556,8 +556,7 @@ write_archive(struct archive *a, struct bsdtar *bsdtar)
8bbbd5 
 			    "%s", archive_error_string(disk));
8bbbd5 
 			if (r == ARCHIVE_FATAL)
8bbbd5 
 				bsdtar->return_value = 1;
8bbbd5 
-			else
8bbbd5 
-				archive_read_close(disk);
8bbbd5 
+			archive_read_close(disk);
8bbbd5 
 			goto next_entry;
8bbbd5 
 		}
8bbbd5
8bbbd5 
--
8bbbd5 
2.17.1
8bbbd5

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation