Skip to content
Commit dceb1e49 authored by Julian Andres Klode's avatar Julian Andres Klode
Browse files

SECURITY UPDATE: Fix out of bounds read in .ar and .tar implementation (CVE-2020-3810)

When normalizing ar member names by removing trailing whitespace
and slashes, an out-out-bound read can be caused if the ar member
name consists only of such characters, because the code did not
stop at 0, but would wrap around and continue reading from the
stack, without any limit.

Add a check to abort if we reached the first character in the
name, effectively rejecting the use of names consisting just
of slashes and spaces.

Furthermore, certain error cases in arfile.cc and extracttar.cc have
included member names in the output that were not checked at all and
might hence not be nul terminated, leading to further out of bound reads.

Fixes Debian/apt#111
LP: #1878177
parent 3e7ffa3c
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment