[Bug 1810241] Re: NULL dereference when decompressing specially crafted archives
Ubuntu Foundations Team Bug Bot
1810241 at bugs.launchpad.net
Thu Mar 7 20:22:10 UTC 2019
The attachment "patch against git head" seems to be a patch. If it
isn't, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/1810241
Title:
NULL dereference when decompressing specially crafted archives
Status in tar package in Ubuntu:
New
Bug description:
Hi,

Fuzzing tar with checksums disabled reveals a NULL pointer dereference
when parsing certain archives that have malformed extended headers.
This affects tar from (at least) Trusty, Bionic and Cosmic. I haven't
tested Xenial's version.

A test case with fixed checksums is attached. To avoid breaking
anything that looks inside tar archives, I have converted it to text
with xxd. To reproduce:

  $ xxd -r gnutar-crash.tar.txt gnutar-crash.tar
  $ tar Oxf gnutar-crash.tar
  tar: Ignoring unknown extended header keyword 'GNU.sparse.minTr'
  tar: Malformed extended header: missing length
  Segmentation fault (core dumped)

I have also attached a patch against the latest upstream git and
against 1.30 (in Cosmic). This fixes the issue by detecting the null
result before it is dereferenced.

Regards,
Daniel