Bug#1093625: bookworm-pu: package libtar/1.2.20-8+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: security@debian.org
* CVE-2021-33643: out-of-bounds read in gnu_longlink()
* CVE-2021-33644: out-of-bounds read in gnu_longname()
* CVE-2021-33645: memory leak in th_read()
* CVE-2021-33646: memory leak in th_read()
diffstat for libtar-1.2.20 libtar-1.2.20
changelog | 10 +
patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch | 40 ++++++
patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch | 110 ++++++++++++++++++
patches/series | 2
4 files changed, 162 insertions(+)
diff -Nru libtar-1.2.20/debian/changelog libtar-1.2.20/debian/changelog
--- libtar-1.2.20/debian/changelog 2019-08-25 19:49:41.000000000 +0300
+++ libtar-1.2.20/debian/changelog 2025-01-20 11:39:12.000000000 +0200
@@ -1,3 +1,13 @@
+libtar (1.2.20-8+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2021-33643: out-of-bounds read in gnu_longlink()
+ * CVE-2021-33644: out-of-bounds read in gnu_longname()
+ * CVE-2021-33645: memory leak in th_read()
+ * CVE-2021-33646: memory leak in th_read()
+
+ -- Adrian Bunk <bunk@debian.org> Mon, 20 Jan 2025 11:39:12 +0200
+
libtar (1.2.20-8) unstable; urgency=low
* Convert debian/rules to modern dh style and upgrade to compat level
diff -Nru libtar-1.2.20/debian/patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch libtar-1.2.20/debian/patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch
--- libtar-1.2.20/debian/patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch 1970-01-01 02:00:00.000000000 +0200
+++ libtar-1.2.20/debian/patches/openEuler-CVE-2021-33643-CVE-2021-33644.patch 2025-01-20 11:38:54.000000000 +0200
@@ -0,0 +1,40 @@
+From 6bacfdcb84a4b80c7c026e926b7e1f84d6eed26d Mon Sep 17 00:00:00 2001
+From: shixuantong <1726671442@qq.com>
+Date: Wed, 6 Apr 2022 17:40:57 +0800
+Subject: [PATCH] Ensure that sz is greater than 0.
+
+---
+ lib/block.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/lib/block.c b/lib/block.c
+index 092bc28..80b41ac 100644
+--- a/lib/block.c
++++ b/lib/block.c
+@@ -118,6 +118,11 @@ th_read(TAR *t)
+ if (TH_ISLONGLINK(t))
+ {
+ sz = th_get_size(t);
++ if ((int)sz <= 0)
++ {
++ errno = EINVAL;
++ return -1;
++ }
+ blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
+ if (blocks > ((size_t)-1 / T_BLOCKSIZE))
+ {
+@@ -168,6 +173,11 @@ th_read(TAR *t)
+ if (TH_ISLONGNAME(t))
+ {
+ sz = th_get_size(t);
++ if ((int)sz <= 0)
++ {
++ errno = EINVAL;
++ return -1;
++ }
+ blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
+ if (blocks > ((size_t)-1 / T_BLOCKSIZE))
+ {
+--
+1.8.3.1
+
diff -Nru libtar-1.2.20/debian/patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch libtar-1.2.20/debian/patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch
--- libtar-1.2.20/debian/patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch 1970-01-01 02:00:00.000000000 +0200
+++ libtar-1.2.20/debian/patches/openEuler-CVE-2021-33645-CVE-2021-33646.patch 2025-01-20 11:39:12.000000000 +0200
@@ -0,0 +1,110 @@
+From 8ba8e71a2b86d08ddd3478a4797170f95766c2af Mon Sep 17 00:00:00 2001
+From: shixuantong <shixuantong@h-partners.com>
+Date: Sat, 7 May 2022 17:04:46 +0800
+Subject: [PATCH] fix memory leak
+
+---
+ lib/libtar.h | 1 +
+ lib/util.c | 9 ++++++++-
+ lib/wrapper.c | 11 +++++++++++
+ libtar/libtar.c | 3 +++
+ 4 files changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/lib/libtar.h b/lib/libtar.h
+index 08a8e0f..8b00e93 100644
+--- a/lib/libtar.h
++++ b/lib/libtar.h
+@@ -285,6 +285,7 @@ int oct_to_int(char *oct);
+ /* integer to string-octal conversion, no NULL */
+ void int_to_oct_nonull(int num, char *oct, size_t octlen);
+
++void free_longlink_longname(struct tar_header th_buf);
+
+ /***** wrapper.c **********************************************************/
+
+diff --git a/lib/util.c b/lib/util.c
+index 11438ef..8a42e62 100644
+--- a/lib/util.c
++++ b/lib/util.c
+@@ -160,4 +161,10 @@ int_to_oct_nonull(int num, char *oct, size_t octlen)
+ oct[octlen - 1] = ' ';
+ }
+
+-
++void free_longlink_longname(struct tar_header th_buf)
++{
++ if (th_buf.gnu_longname != NULL)
++ free(th_buf.gnu_longname);
++ if (th_buf.gnu_longlink !=NULL)
++ free(th_buf.gnu_longlink);
++}
+diff --git a/lib/wrapper.c b/lib/wrapper.c
+index 44cc435..df6d617 100644
+--- a/lib/wrapper.c
++++ b/lib/wrapper.c
+@@ -36,7 +36,10 @@ tar_extract_glob(TAR *t, char *globname, char *prefix)
+ if (fnmatch(globname, filename, FNM_PATHNAME | FNM_PERIOD))
+ {
+ if (TH_ISREG(t) && tar_skip_regfile(t))
++ {
++ free_longlink_longname(t->th_buf);
+ return -1;
++ }
+ continue;
+ }
+ if (t->options & TAR_VERBOSE)
+@@ -58,11 +58,13 @@ tar_extract_glob(TAR *t, char *globname,
+ if (tar_extract_file(t, buf) != 0)
+ {
+ free(buf);
++ free_longlink_longname(t->th_buf);
+ return -1;
+ }
+ free(buf);
+ }
+
++ free_longlink_longname(t->th_buf);
+ return (i == 1 ? 0 : -1);
+ }
+
+@@ -109,11 +111,13 @@ tar_extract_all(TAR *t, char *prefix)
+ if (tar_extract_file(t, buf) != 0)
+ {
+ free(buf);
++ free_longlink_longname(t->th_buf);
+ return -1;
+ }
+ free(buf);
+ }
+
++ free_longlink_longname(t->th_buf);
+ return (i == 1 ? 0 : -1);
+ }
+
+diff --git a/libtar/libtar.c b/libtar/libtar.c
+index 23f8741..7e7354f 100644
+--- a/libtar/libtar.c
++++ b/libtar/libtar.c
+@@ -196,6 +196,7 @@ list(char *tarfile)
+ {
+ fprintf(stderr, "tar_skip_regfile(): %s\n",
+ strerror(errno));
++ free_longlink_longname(t->th_buf);
+ return -1;
+ }
+ }
+@@ -217,10 +218,12 @@ list(char *tarfile)
+
+ if (tar_close(t) != 0)
+ {
++ free_longlink_longname(t->th_buf);
+ fprintf(stderr, "tar_close(): %s\n", strerror(errno));
+ return -1;
+ }
+
++ free_longlink_longname(t->th_buf);
+ return 0;
+ }
+
+--
+1.8.3.1
diff -Nru libtar-1.2.20/debian/patches/series libtar-1.2.20/debian/patches/series
--- libtar-1.2.20/debian/patches/series 2016-10-11 23:01:03.000000000 +0300
+++ libtar-1.2.20/debian/patches/series 2025-01-20 11:39:12.000000000 +0200
@@ -5,3 +5,5 @@
oldgnu_prefix.patch
testsuite.patch
no_strip.patch
+openEuler-CVE-2021-33643-CVE-2021-33644.patch
+openEuler-CVE-2021-33645-CVE-2021-33646.patch
Reply to: