Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
PUBLIC_REPOS
/
buildroot
kopia lustrzana git://git.buildroot.net/buildroot
2
1
Forkuj 0
Pliki
Przeglądaj źródła

package/tar: add upstream security patch for CVE-2022-48303

Fixes CVE-2022-48303: GNU Tar through 1.34 has a one-byte out-of-bounds read
that results in use of uninitialized memory for a conditional jump.
Exploitation to change the flow of control has not been demonstrated.  The
issue occurs in from_header in list.c via a V7 archive in which mtime has
approximately 11 whitespace characters.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[Peter: add _IGNORE_CVES entry]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit ad0bb50dc717a2d9568b73e0f4a509cf6044ffb1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard 1 rok temu
rodzic
b2b48b24b4
commit
22d5a2c93c
2 zmienionych plików z 36 dodań i 0 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 33 0
      package/tar/0002-Fix-boundary-checking-in-base-256-decoder.patch
  2. 3 0
      package/tar/tar.mk

+ 33 - 0
package/tar/0002-Fix-boundary-checking-in-base-256-decoder.patch
Wyświetl plik 

@@ -0,0 +1,33 @@
 
+From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001
 
+From: Sergey Poznyakoff <gray@gnu.org>
 
+Date: Sat, 11 Feb 2023 11:57:39 +0200
 
+Subject: [PATCH] Fix boundary checking in base-256 decoder
 
+
 
+* src/list.c (from_header): Base-256 encoding is at least 2 bytes
 
+long.
 
+
 
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 
+Upstream: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
 
+---
 
+ src/list.c | 5 +++--
 
+ 1 file changed, 3 insertions(+), 2 deletions(-)
 
+
 
+diff --git a/src/list.c b/src/list.c
 
+index 9fafc425..86bcfdd1 100644
 
+--- a/src/list.c
 
++++ b/src/list.c
 
+@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type,
 
+ 	  where++;
 
+ 	}
 
+     }
 
+-  else if (*where == '\200' /* positive base-256 */
 
+-	   || *where == '\377' /* negative base-256 */)
 
++  else if (where <= lim - 2
 
++	   && (*where == '\200' /* positive base-256 */
 
++	       || *where == '\377' /* negative base-256 */))
 
+     {
 
+       /* Parse base-256 output.  A nonnegative number N is
 
+ 	 represented as (256**DIGS)/2 + N; a negative number -N is
 
+-- 
+2.39.2
 
+

+ 3 - 0
package/tar/tar.mk
Wyświetl plik 

@@ -14,6 +14,9 @@ TAR_LICENSE = GPL-3.0+
 
 TAR_LICENSE_FILES = COPYING
 
 TAR_CPE_ID_VENDOR = gnu
 
 
+# 0002-Fix-boundary-checking-in-base-256-decoder.patch
 
+TAR_IGNORE_CVES += CVE-2022-48303
 
+
 
 ifeq ($(BR2_PACKAGE_ACL),y)
 
 TAR_DEPENDENCIES += acl
 
 TAR_CONF_OPTS += --with-posix-acls