summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2020-05-12 11:49:09 +0200
committerJulian Andres Klode <julian.klode@canonical.com>2020-05-12 18:55:55 +0200
commitdceb1e49e4b8e4dadaf056be34088b415939cda6 (patch)
tree4ab3099ce613d9350dbaea5540aca48eab095498 /debian
parent3e7ffa3c1e1afde99182fd4cc91b5536ed8a11da (diff)
SECURITY UPDATE: Fix out of bounds read in .ar and .tar implementation (CVE-2020-3810)
When normalizing ar member names by removing trailing whitespace and slashes, an out-out-bound read can be caused if the ar member name consists only of such characters, because the code did not stop at 0, but would wrap around and continue reading from the stack, without any limit. Add a check to abort if we reached the first character in the name, effectively rejecting the use of names consisting just of slashes and spaces. Furthermore, certain error cases in arfile.cc and extracttar.cc have included member names in the output that were not checked at all and might hence not be nul terminated, leading to further out of bound reads. Fixes Debian/apt#111 LP: #1878177
Diffstat (limited to 'debian')
0 files changed, 0 insertions, 0 deletions