Fix CVE-2018-20482

* NEWS: Update.
* src/sparse.c (sparse_dump_region): Handle short read condition.
(sparse_extract_region,check_data_region): Fix dumped_size calculation.
Handle short read condition.
(pax_decode_header): Fix dumped_size calculation.
* tests/Makefile.am: Add new testcases.
* tests/testsuite.at: Likewise.

* tests/sptrcreat.at: New file.
* tests/sptrdiff00.at: New file.
* tests/sptrdiff01.at: New file.
Sergey Poznyakoff
2018-12-27 17:48:57 +02:00
parent 3c2a2cd94d
commit c15c42ccd1
7 changed files with 231 additions and 9 deletions

tests/sptrdiff01.at Normal file

@@ -0,0 +1,55 @@
# Process this file with autom4te to create testsuite. -*- Autotest -*-
#
# Test suite for GNU tar.
# Copyright 2018 Free Software Foundation, Inc.
#
# This file is part of GNU tar.
#
# GNU tar is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GNU tar is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# While fixing CVE-2018-20482 (see sptrcreat.at) it has been discovered
# that similar bug exists in file checking code (tar d).
# This test case checks if tar correctly handles a short read condition
# appearing in check_data_region.
AT_SETUP([file truncated in data region while comparing])
AT_KEYWORDS([truncate filechange sparse sptr sptrdiff diff])
# This triggers short read in check_data_region.
AT_TAR_CHECK([
genfile --sparse --block-size=1024 --file foo \
0 ABCDEFGHIJ 1M ABCDEFGHIJ 10M ABCDEFGHIJ 200M ABCDEFGHIJ
genfile --file baz
echo creating
tar --sparse -vcf bar foo baz
echo comparing
genfile --run --checkpoint 5 --length 221278210 --truncate foo -- \
tar --checkpoint=1 \
--checkpoint-action=echo='Write checkpoint %u' \
--checkpoint-action=sleep=1 \
--sparse -vdf bar
],
[1],
[creating
foo
baz
comparing
foo
foo: Size differs
baz
],
[],
[],[],[posix, gnu, oldgnu])
AT_CLEANUP
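
Review bot: the `--length 221278210` and `--checkpoint 5` arguments to the `genfile --run` call inside AT_TAR_CHECK are unexplained magic values. A short comment above that call stating how the truncation length relates to the sparse map created earlier (`0 ABCDEFGHIJ 1M ABCDEFGHIJ 10M ABCDEFGHIJ 200M ABCDEFGHIJ` with `--block-size=1024`) and why checkpoint 5 is the point at which tar is expected to be reading a data region would let a later maintainer keep the test exercising check_data_region if the file layout or record size changes. The existing comment "This triggers short read in check_data_region" states the intent but not how these numbers achieve it. The test also appears to rely on `--checkpoint-action=sleep=1` to leave time for the truncation to happen before tar reads on, which is worth saying in the same comment so the sleep is not removed as a speed-up.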