Antonio Teixeira
875ebe6f8b
because it mishandles truncation (CVE-2024-57970, bsc#1237233) * CVE-2024-57970.patch OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=133
32 lines
1.1 KiB
Diff
32 lines
1.1 KiB
Diff
From ca233156bfecef7fe713fe7bb86decfda728e364 Mon Sep 17 00:00:00 2001
|
|
From: Tim Kientzle <kientzle@acm.org>
|
|
Date: Wed, 4 Dec 2024 10:41:12 -0800
|
|
Subject: [PATCH] Handle truncation in the middle of a GNU long linkname
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Thanks to gbdngb12 김동건 for reporting this.
|
|
|
|
Resolves Issue #2415
|
|
---
|
|
libarchive/archive_read_support_format_tar.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/libarchive/archive_read_support_format_tar.c b/libarchive/archive_read_support_format_tar.c
|
|
index 4aaf1b90ce..b1344ae57d 100644
|
|
--- a/libarchive/archive_read_support_format_tar.c
|
|
+++ b/libarchive/archive_read_support_format_tar.c
|
|
@@ -1146,7 +1146,9 @@ header_gnu_longlink(struct archive_read *a, struct tar *tar,
|
|
struct archive_string linkpath;
|
|
archive_string_init(&linkpath);
|
|
err = read_body_to_string(a, tar, &linkpath, h, unconsumed);
|
|
- archive_entry_set_link(entry, linkpath.s);
|
|
+ if (err == ARCHIVE_OK) {
|
|
+ archive_entry_set_link(entry, linkpath.s);
|
|
+ }
|
|
archive_string_free(&linkpath);
|
|
return (err);
|
|
}
|
|
|