fix CVE-2022-48303

2023-02-08 15:34:11 +08:00 · 2023-02-08 15:34:11 +08:00 · d52f82a727
commit d52f82a727
parent e28075f1be
2 changed files with 36 additions and 1 deletions
--- a/backport-CVE-2022-48303.patch
+++ b/backport-CVE-2022-48303.patch
@ -0,0 +1,31 @@
+From 1d530107a24d71e798727d7f0afa0833473d1074 Mon Sep 17 00:00:00 2001
+From: Matej Mužila <mmuzila@gmail.com>
+Date: Wed, 11 Jan 2023 08:55:58 +0100
+Subject: [PATCH] Fix savannah bug #62387
+
+* src/list.c (from_header): Check for the end of field after leading byte
+  (0x80 or 0xff) of base-256 encoded header value
+---
+ src/list.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/list.c b/src/list.c
+index 9fafc425..bf41b581 100644
+--- a/src/list.c
+++ b/src/list.c
+@@ -899,6 +899,12 @@ from_header (char const *where0, size_t digs, char const *type,
+ 			   << (CHAR_BIT * sizeof (uintmax_t)
+ 			       - LG_256 - (LG_256 - 2)));
+       value = (*where++ & ((1 << (LG_256 - 2)) - 1)) - signbit;
+      if (where == lim)
+        {
+          if (type && !silent)
+            ERROR ((0, 0, _("Archive base-256 value is invalid")));
+          return -1;
+        }
+       for (;;)
+ 	{
+ 	  value = (value << LG_256) + (unsigned char) *where++;
+-- 
+2.38.1
+
--- a/tar.spec
+++ b/tar.spec
@ -1,6 +1,6 @@
 Name:          tar
 Version:       1.32
-Release:       2
+Release:       3
 Epoch:         2
 Summary:       An organized and systematic method of controlling a large amount of data
 License:       GPLv3+
@ -9,6 +9,7 @@ Source0:       https://ftp.gnu.org/gnu/tar/tar-%{version}.tar.xz
 Source1:       https://ftp.gnu.org/gnu/tar/tar-%{version}.tar.xz.sig

 Patch6000:     backport-CVE-2021-20193.patch
+Patch6001:     backport-CVE-2022-48303.patch

 BuildRequires: autoconf automake texinfo gettext libacl-devel attr acl policycoreutils
 Provides:      bundled(gnulib) /bin/tar /bin/gtar
@ -76,6 +77,9 @@ make check
 %{_infodir}/tar.info*

 %changelog
+* Wed Feb 08 2023 wangjiang <wangjiang37@h-partners.com> 2:1.32-3
+- fix CVE-2022-48303
+
 * Wed Apr 14 2021 shixuantong <shixuantong> - 2:1.32-2 
 - fix CVE-2021-20193