unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
blob 86d5124953d87b629e84656893c86151a7aaa73f 2863 bytes (raw)
name: gnu/packages/patches/libtar-CVE-2021-33645-CVE-2021-33646.patch 	 # note: path name is non-authoritative(*)

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
 
From 3c7b1fd9bb63d74ecd38b71ffc876dca3ac87a8b Mon Sep 17 00:00:00 2001
From: shixuantong <shixuantong@h-partners.com>
Date: Sat, 7 May 2022 17:04:46 +0800
Subject: [PATCH 2/2] fix memory leak

---
 lib/libtar.h    |  1 +
 lib/util.c      |  9 ++++++++-
 lib/wrapper.c   | 11 +++++++++++
 libtar/libtar.c |  3 +++
 4 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/lib/libtar.h b/lib/libtar.h
index 08a8e0f..8b00e93 100644
--- a/lib/libtar.h
+++ b/lib/libtar.h
@@ -285,6 +285,7 @@ int oct_to_int(char *oct);
 /* integer to string-octal conversion, no NULL */
 void int_to_oct_nonull(int num, char *oct, size_t octlen);
 
+void free_longlink_longname(struct tar_header th_buf);
 
 /***** wrapper.c **********************************************************/
 
diff --git a/lib/util.c b/lib/util.c
index 11438ef..8a42e62 100644
--- a/lib/util.c
+++ b/lib/util.c
@@ -15,6 +15,7 @@
 #include <stdio.h>
 #include <sys/param.h>
 #include <errno.h>
+#include <stdlib.h>
 
 #ifdef STDC_HEADERS
 # include <string.h>
@@ -160,4 +161,10 @@ int_to_oct_nonull(int num, char *oct, size_t octlen)
 	oct[octlen - 1] = ' ';
 }
 
-
+void free_longlink_longname(struct tar_header th_buf)
+{
+	if (th_buf.gnu_longname != NULL)
+		free(th_buf.gnu_longname);
+	if (th_buf.gnu_longlink !=NULL)
+		free(th_buf.gnu_longlink);
+}
diff --git a/lib/wrapper.c b/lib/wrapper.c
index 2d3f5b9..9d2f3bf 100644
--- a/lib/wrapper.c
+++ b/lib/wrapper.c
@@ -36,7 +36,10 @@ tar_extract_glob(TAR *t, char *globname, char *prefix)
 		if (fnmatch(globname, filename, FNM_PATHNAME | FNM_PERIOD))
 		{
 			if (TH_ISREG(t) && tar_skip_regfile(t))
+			{
+				free_longlink_longname(t->th_buf);
 				return -1;
+			}
 			continue;
 		}
 		if (t->options & TAR_VERBOSE)
@@ -46,9 +49,13 @@ tar_extract_glob(TAR *t, char *globname, char *prefix)
 		else
 			strlcpy(buf, filename, sizeof(buf));
 		if (tar_extract_file(t, buf) != 0)
+		{
+			free_longlink_longname(t->th_buf);
 			return -1;
+		}
 	}
 
+	free_longlink_longname(t->th_buf);
 	return (i == 1 ? 0 : -1);
 }
 
@@ -82,9 +89,13 @@ tar_extract_all(TAR *t, char *prefix)
 		       "\"%s\")\n", buf);
 #endif
 		if (tar_extract_file(t, buf) != 0)
+		{
+			free_longlink_longname(t->th_buf);
 			return -1;
+		}
 	}
 
+	free_longlink_longname(t->th_buf);
 	return (i == 1 ? 0 : -1);
 }
 
diff --git a/libtar/libtar.c b/libtar/libtar.c
index ac339e7..b992abb 100644
--- a/libtar/libtar.c
+++ b/libtar/libtar.c
@@ -197,6 +197,7 @@ list(char *tarfile)
 		{
 			fprintf(stderr, "tar_skip_regfile(): %s\n",
 				strerror(errno));
+			free_longlink_longname(t->th_buf);
 			return -1;
 		}
 	}
@@ -218,10 +219,12 @@ list(char *tarfile)
 
 	if (tar_close(t) != 0)
 	{
+		free_longlink_longname(t->th_buf);
 		fprintf(stderr, "tar_close(): %s\n", strerror(errno));
 		return -1;
 	}
 
+	free_longlink_longname(t->th_buf);
 	return 0;
 }
 
-- 
2.37.1


debug log:

solving 86d5124953 ...
found 86d5124953 in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).