blob d04920433836400e8af949972779e2fb6232485a 2674 bytes (raw)
name: gnu/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch 	 # note: path name is non-authoritative(*)

 
From 8b0aae25e85fafcf65545dbdbd1a42a183485a91 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Aug 26 2022 13:55:09 +0000
Subject: fix out-of-bounds read in gnu_long{name,link}


Resolves: CVE-2021-33643
Resolves: CVE-2021-33644

---

diff --git a/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch b/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch
new file mode 100644
index 0000000..f6692c3
--- /dev/null
+++ b/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch
@@ -0,0 +1,40 @@
+From 3936c7aa74d89e7a91dfbb2c1b7bfcad58a0355d Mon Sep 17 00:00:00 2001
+From: shixuantong <1726671442@qq.com>
+Date: Wed, 6 Apr 2022 17:40:57 +0800
+Subject: [PATCH 1/2] Ensure that sz is greater than 0.
+
+---
+ lib/block.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/lib/block.c b/lib/block.c
+index 092bc28..f12c4bc 100644
+--- a/lib/block.c
++++ b/lib/block.c
+@@ -118,6 +118,11 @@ th_read(TAR *t)
+ 	if (TH_ISLONGLINK(t))
+ 	{
+ 		sz = th_get_size(t);
++		if ((int)sz <= 0)
++		{
++			errno = EINVAL;
++			return -1;
++		}
+ 		blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
+ 		if (blocks > ((size_t)-1 / T_BLOCKSIZE))
+ 		{
+@@ -168,6 +173,11 @@ th_read(TAR *t)
+ 	if (TH_ISLONGNAME(t))
+ 	{
+ 		sz = th_get_size(t);
++		if ((int)sz <= 0)
++		{
++			errno = EINVAL;
++			return -1;
++		}
+ 		blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
+ 		if (blocks > ((size_t)-1 / T_BLOCKSIZE))
+ 		{
+-- 
+2.37.1
+
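Review bot: The added guard `if ((int)sz <= 0)` in both th_read branches (TH_ISLONGLINK and TH_ISLONGNAME) narrows sz to int before testing it, so which header sizes are rejected depends on how an out-of-range value converts. The declaration of sz is outside the hunk, but the `(size_t)-1` comparison just below suggests it is a size_t. If so, an explicit range test such as `if (sz == 0 || sz > INT_MAX)` (needs `<limits.h>`) would state the intent without relying on the cast, and would also refuse large values whose low 32 bits happen to be positive. A one-line comment above each guard, for example `/* sz comes from the archive header; refuse empty or negative lengths */`, would record why the check exists. th_read starts and ends outside both nested hunks, so how sz is used after the block count is computed cannot be confirmed from here.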
diff --git a/libtar.spec b/libtar.spec
index ffa5512..89b33f5 100644
--- a/libtar.spec
+++ b/libtar.spec
@@ -1,7 +1,7 @@
 Summary:        Tar file manipulation API
 Name:           libtar
 Version:        1.2.20
-Release:        24%{?dist}
+Release:        25%{?dist}
 License:        MIT
 URL:            http://repo.or.cz/libtar.git
 Source:         http://repo.or.cz/libtar.git/snapshot/refs/tags/v1.2.20.tar.gz#/libtar-v1.2.20.tar.gz
@@ -14,6 +14,9 @@ Patch7:         libtar-1.2.20-no-static-buffer.patch
 # fix programming mistakes detected by static analysis
 Patch8:         libtar-1.2.20-static-analysis.patch
 
+# fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
+Patch9:         libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch
+
 BuildRequires:  libtool
 BuildRequires:  make
 BuildRequires:  zlib-devel
@@ -72,6 +75,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
 
 
 %changelog
+* Fri Aug 26 2022 Kamil Dudka <kdudka@redhat.com> - 1.2.20-25
+- fix out-of-bounds read in gnu_long{name,link} (CVE-2021-33643 CVE-2021-33644)
+
 * Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.20-24
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 


debug log:

solving d049204338 ...
found d049204338 in https://yhetil.org/guix/20241025073947.9242-1-ngraves@ngraves.fr/

applying [1/1] https://yhetil.org/guix/20241025073947.9242-1-ngraves@ngraves.fr/
diff --git a/gnu/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch b/gnu/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch
new file mode 100644
index 0000000000..d049204338

1:61: trailing whitespace.
+-- 
1:80: trailing whitespace.
 
1:88: trailing whitespace.
 
1:89: trailing whitespace.
 
1:96: trailing whitespace.
 
Checking patch gnu/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch...
Applied patch gnu/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch cleanly.
warning: squelched 1 whitespace error
warning: 6 lines add whitespace errors.

index at:
100644 d04920433836400e8af949972779e2fb6232485a	gnu/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
