mirrors/tar
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix CVE-2018-20482

Browse Source 
* NEWS: Update.
* src/sparse.c (sparse_dump_region): Handle short read condition.
(sparse_extract_region,check_data_region): Fix dumped_size calculation.
Handle short read condition.
(pax_decode_header): Fix dumped_size calculation.
* tests/Makefile.am: Add new testcases.
* tests/testsuite.at: Likewise.

* tests/sptrcreat.at: New file.
* tests/sptrdiff00.at: New file.
* tests/sptrdiff01.at: New file.
This commit is contained in:
Sergey Poznyakoff
2018-12-27 17:48:57 +02:00
parent 3c2a2cd94d
commit c15c42ccd1
7 changed files with 231 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
NEWS
View File

@@ -1,4 +1,4 @@
GNU tar NEWS - User visible changes. 2018-12-21
GNU tar NEWS - User visible changes. 2018-12-27
Please send GNU tar bug reports to <bug-tar@gnu.org>
@@ -25,6 +25,12 @@ semantics of the option.
Previous versions of tar extracted NAME, those of named members that
appeared before it, and everything after it.
* Fix CVE-2018-20482
When creating archives with the --sparse option, previous versions of
tar would loop endlessly if a sparse file had been truncated while
being archived.
version 1.30 - Sergey Poznyakoff, 2017-12-17