*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
Hi,

Fuzzing tar with checksums disabled reveals a NULL pointer dereference
when parsing certain archives that have malformed extended headers. This
affects tar from (at least) Trusty, Bionic and Cosmic. I haven't tested
Xenial's version.

A test case with fixed checksums is attached. To avoid breaking anything
that looks inside tar archives, I have converted it to text with xxd. To
reproduce:

$ xxd -r gnutar-crash.tar.txt gnutar-crash.tar
$ tar Oxf gnutar-crash.tar
tar: Ignoring unknown extended header keyword 'GNU.sparse.minTr'
tar: Malformed extended header: missing length
Segmentation fault (core dumped)

I have also attached a patch against the latest upstream git and against
1.30 (in Cosmic). This fixes the issue by detecting the null result
before it is dereferenced.

Regards,
Daniel
** Affects: tar (Ubuntu)
Importance: Undecided
Status: New
--
NULL dereference when decompressing specially crafted archives
https://bugs.launchpad.net/bugs/1810241
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to the bug report.
--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
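
The failure class described in the report, as an added example (not part of the original message, the attached patch, or GNU tar's source): a C parser for pax extended header records of the form "<len> <keyword>=<value>\n" that reports a missing length as an error and tests a possibly-NULL lookup result before using it. The names xhdr_status, xhdr_record, xhdr_next and xhdr_walk are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Status codes and struct names are this example's own, not GNU tar's. */
enum xhdr_status { XHDR_OK, XHDR_END, XHDR_MISSING_LENGTH,
                   XHDR_BAD_LENGTH, XHDR_MALFORMED };

struct xhdr_record {
    const char *keyword, *value;   /* point into the caller's buffer */
    size_t keyword_len, value_len;
};

/* Decode one pax record "<len> <keyword>=<value>\n" at buf[*pos].
   <len> counts the whole record: its own digits, the space and the newline. */
enum xhdr_status xhdr_next(const char *buf, size_t size, size_t *pos,
                           struct xhdr_record *out)
{
    size_t start = *pos, i = start, len = 0;
    if (start >= size) return XHDR_END;
    while (i < size && buf[i] >= '0' && buf[i] <= '9') {
        if (len > (size - start) / 10) return XHDR_BAD_LENGTH; /* no overflow */
        len = len * 10 + (size_t)(buf[i++] - '0');
    }
    if (i == start) return XHDR_MISSING_LENGTH;   /* record has no length */
    if (len > size - start || i >= size || buf[i] != ' ') return XHDR_BAD_LENGTH;
    size_t end = start + len;                     /* one past the newline */
    if (end <= i + 1 || buf[end - 1] != '\n') return XHDR_MALFORMED;
    const char *kw = buf + i + 1, *last = buf + end - 1;
    /* memchr() returns NULL when '=' is absent: test it before any use. */
    const char *eq = memchr(kw, '=', (size_t)(last - kw));
    if (eq == NULL || eq == kw) return XHDR_MALFORMED;
    out->keyword = kw;    out->keyword_len = (size_t)(eq - kw);
    out->value = eq + 1;  out->value_len = (size_t)(last - (eq + 1));
    *pos = end;
    return XHDR_OK;
}

/* Walk a header block; return the record count, or -1 at the first bad record
   so the caller stops rather than continuing with a half-parsed state. */
int xhdr_walk(const char *buf, size_t size, enum xhdr_status *why)
{
    struct xhdr_record r; size_t pos = 0; int n = 0;
    while ((*why = xhdr_next(buf, size, &pos, &r)) == XHDR_OK) n++;
    return *why == XHDR_END ? n : -1;
}
```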