File tar-1.27-CVE-2019-9923.patch of Package tar.18756

Overview Repositories Revisions Requests Users Attributes Meta

File tar-1.27-CVE-2019-9923.patch of Package tar.18756

From cb07844454d8cc9fb21f53ace75975f91185a120 Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org>
Date: Mon, 14 Jan 2019 15:22:09 +0200
Subject: Fix possible NULL dereference (savannah bug #55369)

* src/sparse.c (pax_decode_header): Check return from find_next_block.
---
 src/sparse.c | 4 ++++
 1 file changed, 4 insertions(+)

Index: tar-1.27.1/src/sparse.c
===================================================================
--- tar-1.27.1.orig/src/sparse.c
+++ tar-1.27.1/src/sparse.c
@@ -1159,6 +1159,8 @@ pax_decode_header (struct tar_sparse_fil
 	 {                                                         \
 	   set_next_block_after (b);                               \
            b = find_next_block ();                                 \
+           if (!b)                                                 \
+             FATAL_ERROR ((0, 0, _("Unexpected EOF in archive"))); \
            src = b->buffer;                                        \
 	   endp = b->buffer + BLOCKSIZE;                           \
 	 }                                                         \
@@ -1171,6 +1173,8 @@ pax_decode_header (struct tar_sparse_fil
       start = current_block_ordinal ();
       set_next_block_after (current_header);
       blk = find_next_block ();
+      if (!blk)
+        FATAL_ERROR ((0, 0, _("Unexpected EOF in archive")));
       p = blk->buffer;
       COPY_BUF (blk,nbuf,p);
       if (!decode_num (&u, nbuf, TYPE_MAXIMUM (size_t)))

Places

File tar-1.27-CVE-2019-9923.patch of Package tar.18756

Places