mirrors/tar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

--one-top-level: avoid a heap-buffer-overflow

Browse Source 
* NEWS: Mention this.
* src/suffix.c (strip_compression_suffix): Fix string comparison guard.
Without this change, some ASAN-enabled test runs would fail with the
following.  Also, strip an additional .tar suffix only if the just-
stripped suffix did not match /^\.t/".

==30815==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000002ed at pc 0x00000049d1f4 bp 0x7ffeb5906d50 sp 0x7ffeb5906500
READ of size 1 at 0x6020000002ed thread T0
SCARINESS: 12 (1-byte-read-heap-buffer-overflow)
    #0 0x49d1f3 in __interceptor_strncmp /j/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:407
    #1 0x5670f3 in strip_compression_suffix /j/tar/src/suffix.c:107
    #2 0x575788 in decode_options /j/tar/src/tar.c:2545
    #3 0x5760c0 in main /j/tar/src/tar.c:2708
    #4 0x7f105090df29 in __libc_start_main ../csu/libc-start.c:308
    #5 0x408629 in _start (/j/tar/src/tar+0x408629)

0x6020000002ed is located 3 bytes to the left of 6-byte region [0x6020000002f0,0x6020000002f6)
allocated by thread T0 here:
    #0 0x4d0710 in __interceptor_malloc /j/gcc/libsanitizer/asan/asan_malloc_linux.cc:86
    #1 0x4908ad in __interceptor_strndup /j/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:326
    #2 0x5cbcbd in xstrndup /j/tar/gnu/xstrndup.c:32
    #3 0x5a325b in base_name /j/tar/gnu/basename.c:57
    #4 0x575772 in decode_options /j/tar/src/tar.c:2544
    #5 0x5760c0 in main /j/tar/src/tar.c:2708
    #6 0x7f105090df29 in __libc_start_main ../csu/libc-start.c:308
This commit is contained in:
Jim Meyering
2018-04-07 08:41:46 -07:00
committed by Sergey Poznyakoff
parent f563b896cc
commit b531801d6f
2 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
NEWS
View File

@@ -1,9 +1,12 @@
GNU tar NEWS - User visible changes. 2018-03-18
GNU tar NEWS - User visible changes. 2018-04-07
Please send GNU tar bug reports to <bug-tar@gnu.org>
version 1.30.90 (Git)
* Fix heap-buffer-overrun with --one-top-level.
Bug introduced with the addition of that option in 1.28.
* Support for zstd compression
New option '--zstd' instructs tar to use zstd as compression program.
@@ -53,7 +56,7 @@ causing subsequent link extractions in that directory to fail.
This new warning control option suppresses warning messages about
unreadable files and directories. It has effect only if used together
with the --ignore-failed-read option.
with the --ignore-failed-read option.
* The --warnings=none option now suppresses all warnings

11
src/suffix.c
View File

@@ -62,7 +62,7 @@ find_compression_suffix (const char *name, size_t *ret_len)
{
size_t len;
struct compression_suffix *p;
suf++;
len = strlen (suf);
@@ -101,10 +101,14 @@ strip_compression_suffix (const char *name)
{
char *s = NULL;
size_t len;
struct compression_suffix const *p = find_compression_suffix (name, &len);
if (find_compression_suffix (name, &len))
if (p)
{
if (strncmp (name + len - 4, ".tar", 4) == 0)
/* Strip an additional ".tar" suffix, but only if the just-stripped
"outer" suffix did not begin with "t". */
if (len > 4 && strncmp (name + len - 4, ".tar", 4) == 0
&& p->suffix[0] != 't')
len -= 4;
if (len == 0)
return NULL;
@@ -114,4 +118,3 @@ strip_compression_suffix (const char *name)
}
return s;
}