|
|
@@ -0,0 +1,38 @@
|
|
|
+From cb07844454d8cc9fb21f53ace75975f91185a120 Mon Sep 17 00:00:00 2001
|
|
|
+From: Sergey Poznyakoff <gray@gnu.org>
|
|
|
+Date: Mon, 14 Jan 2019 15:22:09 +0200
|
|
|
+Subject: [PATCH] Fix possible NULL dereference (savannah bug #55369)
|
|
|
+
|
|
|
+* src/sparse.c (pax_decode_header): Check return from find_next_block.
|
|
|
+
|
|
|
+Upstream-Status: Backport
|
|
|
+CVE: CVE-2019-9923
|
|
|
+Affects: tar < 1.32
|
|
|
+Signed-off-by: Armin kuster <akuster@mvista.com>
|
|
|
+
|
|
|
+---
|
|
|
+ src/sparse.c | 4 ++++
|
|
|
+ 1 file changed, 4 insertions(+)
|
|
|
+
|
|
|
+Index: tar-1.30/src/sparse.c
|
|
|
+===================================================================
|
|
|
+--- tar-1.30.orig/src/sparse.c
|
|
|
++++ tar-1.30/src/sparse.c
|
|
|
+@@ -1231,6 +1231,8 @@ pax_decode_header (struct tar_sparse_fil
|
|
|
+ set_next_block_after (b); \
|
|
|
+ file->dumped_size += BLOCKSIZE; \
|
|
|
+ b = find_next_block (); \
|
|
|
++ if (!b) \
|
|
|
++ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive"))); \
|
|
|
+ src = b->buffer; \
|
|
|
+ endp = b->buffer + BLOCKSIZE; \
|
|
|
+ } \
|
|
|
+@@ -1243,6 +1245,8 @@ pax_decode_header (struct tar_sparse_fil
|
|
|
+ set_next_block_after (current_header);
|
|
|
+ file->dumped_size += BLOCKSIZE;
|
|
|
+ blk = find_next_block ();
|
|
|
++ if (!blk)
|
|
|
++ FATAL_ERROR ((0, 0, _("Unexpected EOF in archive")));
|
|
|
+ p = blk->buffer;
|
|
|
+ COPY_BUF (blk,nbuf,p);
|
|
|
+ if (!decode_num (&u, nbuf, TYPE_MAXIMUM (size_t)))
|
Armin Kuster