upg libarchive
This commit is contained in:
parent
082847e152
commit
ad35ff514c
3 changed files with 91 additions and 3 deletions
|
|
@ -0,0 +1,35 @@
|
|||
From bff38efe8c110469c5080d387bec62a6ca15b1a5 Mon Sep 17 00:00:00 2001
|
||||
From: obiwac <obiwac@gmail.com>
|
||||
Date: Fri, 22 Jul 2022 22:41:10 +0200
|
||||
Subject: [PATCH] libarchive: Handle a `calloc` returning NULL (fixes #1754)
|
||||
|
||||
---
|
||||
libarchive/archive_write.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
|
||||
index 66592e82..27626b54 100644
|
||||
--- a/libarchive/archive_write.c
|
||||
+++ b/libarchive/archive_write.c
|
||||
@@ -201,6 +201,10 @@ __archive_write_allocate_filter(struct archive *_a)
|
||||
struct archive_write_filter *f;
|
||||
|
||||
f = calloc(1, sizeof(*f));
|
||||
+
|
||||
+ if (f == NULL)
|
||||
+ return (NULL);
|
||||
+
|
||||
f->archive = _a;
|
||||
f->state = ARCHIVE_WRITE_FILTER_STATE_NEW;
|
||||
if (a->filter_first == NULL)
|
||||
@@ -548,6 +552,10 @@ archive_write_open2(struct archive *_a, void *client_data,
|
||||
a->client_data = client_data;
|
||||
|
||||
client_filter = __archive_write_allocate_filter(_a);
|
||||
+
|
||||
+ if (client_filter == NULL)
|
||||
+ return (ARCHIVE_FATAL);
|
||||
+
|
||||
client_filter->open = archive_write_client_open;
|
||||
client_filter->write = archive_write_client_write;
|
||||
client_filter->close = archive_write_client_close;
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
From fc8c6d2786ecba731d77d33fe3b034f581fcbde3 Mon Sep 17 00:00:00 2001
|
||||
From: Ben Wagner <bungeman@chromium.org>
|
||||
Date: Tue, 19 Jul 2022 13:02:40 -0400
|
||||
Subject: [PATCH] Validate entry_bytes_remaining in pax_attribute
|
||||
|
||||
The `size` attribute may contain a negative or too large value. Check
|
||||
the range of the `entry_bytes_remaining` in `pax_attribute` the same way
|
||||
as `header_common`. The test which is added passes both with and without
|
||||
this change in a normal debug build. It is necessary to run with
|
||||
`-fsanitize=undefined` to see that the undefined behavior is avoided.
|
||||
|
||||
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48467
|
||||
---
|
||||
libarchive/archive_read_support_format_tar.c | 15 ++++++
|
||||
1 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/libarchive/archive_read_support_format_tar.c b/libarchive/archive_read_support_format_tar.c
|
||||
index bfdad7f8..e31f1cc4 100644
|
||||
--- a/libarchive/archive_read_support_format_tar.c
|
||||
+++ b/libarchive/archive_read_support_format_tar.c
|
||||
@@ -2108,6 +2108,21 @@ pax_attribute(struct archive_read *a, struct tar *tar,
|
||||
/* "size" is the size of the data in the entry. */
|
||||
tar->entry_bytes_remaining
|
||||
= tar_atol10(value, strlen(value));
|
||||
+ if (tar->entry_bytes_remaining < 0) {
|
||||
+ tar->entry_bytes_remaining = 0;
|
||||
+ archive_set_error(&a->archive,
|
||||
+ ARCHIVE_ERRNO_MISC,
|
||||
+ "Tar size attribute is negative");
|
||||
+ return (ARCHIVE_FATAL);
|
||||
+ }
|
||||
+ if (tar->entry_bytes_remaining == INT64_MAX) {
|
||||
+ /* Note: tar_atol returns INT64_MAX on overflow */
|
||||
+ tar->entry_bytes_remaining = 0;
|
||||
+ archive_set_error(&a->archive,
|
||||
+ ARCHIVE_ERRNO_MISC,
|
||||
+ "Tar size attribute overflow");
|
||||
+ return (ARCHIVE_FATAL);
|
||||
+ }
|
||||
/*
|
||||
* The "size" pax header keyword always overrides the
|
||||
* "size" field in the tar header.
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
pkgname=libarchive
|
||||
pkgver=3.6.1
|
||||
pkgrel=1
|
||||
pkgrel=2
|
||||
pkgdesc='Multi-format archive and compression library'
|
||||
arch=('x86_64')
|
||||
url='https://libarchive.org/'
|
||||
|
|
@ -12,9 +12,20 @@ depends=('acl' 'libacl.so' 'bzip2' 'expat' 'lz4' 'openssl' 'xz' 'zlib' 'zstd')
|
|||
provides=('libarchive.so')
|
||||
options=('debug')
|
||||
validpgpkeys=('A5A45B12AD92D964B89EEE2DEC560C81CEC2276E') # Martin Matuska <mm@FreeBSD.org>
|
||||
source=("https://github.com/${pkgname}/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.xz"{,.asc})
|
||||
source=("https://github.com/${pkgname}/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.xz"{,.asc}
|
||||
'0001-libarchive-Handle-a-calloc-returning-NULL-fixes-1754.patch'
|
||||
'0002-Validate-entry_bytes_remaining-in-pax_attribute.patch')
|
||||
sha256sums=('5a411aceb978f43e626f0c2d1812ddd8807b645ed892453acabd532376c148e6'
|
||||
'SKIP')
|
||||
'SKIP'
|
||||
'bc52b2b2b99915894b436c97872d5d50e94c8c7483865a028fad9a710c837fa7'
|
||||
'38c8d9b00f3259558e67e6fdf790ccbf8ecbba2de101476c2416d87b1679bcb9')
|
||||
|
||||
prepare() {
|
||||
cd "${pkgname}-${pkgver}"
|
||||
|
||||
patch -Np1 < ../0001-libarchive-Handle-a-calloc-returning-NULL-fixes-1754.patch
|
||||
patch -Np1 < ../0002-Validate-entry_bytes_remaining-in-pax_attribute.patch
|
||||
}
|
||||
|
||||
build() {
|
||||
cd "${pkgname}-${pkgver}"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue