io_archive: add bounds limit for uname and gname tar header fields - apk-tools - Adélie Linux patches for Alpine Package Keeper (apk-tools)

diff options

author	Timo Teräs <timo.teras@iki.fi>	2021-04-11 15:21:42 +0300
committer	Timo Teräs <timo.teras@iki.fi>	2021-04-12 15:30:14 +0300
commit	f7143c1766ae59489ac922e890ffe6d4a61c3b2d (patch)
tree	bbeed012d9bc90374b10a79f26acfbb56c33a750 /test/provides.repo
parent	4bcd792194c23fd73912a567101af5fda6e860da (diff)
download	apk-tools-f7143c1766ae59489ac922e890ffe6d4a61c3b2d.tar.gz apk-tools-f7143c1766ae59489ac922e890ffe6d4a61c3b2d.tar.bz2 apk-tools-f7143c1766ae59489ac922e890ffe6d4a61c3b2d.tar.xz apk-tools-f7143c1766ae59489ac922e890ffe6d4a61c3b2d.zip

io_archive: add bounds limit for uname and gname tar header fields

Modify apk_resolve_[ug]id to take the user/groupname as a blob, so proper length checking is done and honored. ==31584== Conditional jump or move depends on uninitialised value(s) ==31584== at 0x5C8CA5: strlen (strlen.c:17) ==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79) ==31584== by 0x4350EB: apk_resolve_uid (io.c:1112) ==31584== by 0x43696C: apk_tar_parse (io_archive.c:152) ==31584== by 0x4271BC: apk_pkg_read (package.c:929) ==31584== by 0x402D75: add_main (app_add.c:163) ==31584== by 0x40D5FF: main (apk-static.c:516) Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139. Reported-by: Sören Tempel <soeren+git@soeren-tempel.net> Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>

Diffstat (limited to 'test/provides.repo')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: