
[Bug-tar] possible out of bounds access on grandchild error


From: Tobias Stoeckmann
Subject: [Bug-tar] possible out of bounds access on grandchild error
Date: Wed, 1 Oct 2014 22:00:10 +0200
User-agent: Mutt/1.5.22 (2013-10-16)

Hi,

the function run_decompress_program in system.c is prone to trigger
an out of bounds access in next_decompress_program due to uninitialized
value "i".

If tar is called with a specific decompressor, like "tar -xz", the
function first_decompress_program will return a fixed value.  In this
case it would be "gzip".  If the execution of gzip fails or gzip is
not found, next_decompress_program will be called.  Yet "i" has never
been initialized and an array out of bounds access happens in that
function.

Fix would be to always set the pstate in first_decompress_program,
which in turn would initialize "i" to 0 -- always.


Tobias

--- tar-1.28/src/buffer.c~      Wed Oct  1 21:52:45 2014
+++ tar-1.28/src/buffer.c       Wed Oct  1 21:53:05 2014
@@ -339,13 +339,14 @@
 {
   struct zip_program const *zp;
 
+  *pstate = 0;
+
   if (use_compress_program_option)
     return use_compress_program_option;
 
   if (archive_compression_type == ct_none)
     return NULL;
 
-  *pstate = 0;
   zp = find_zip_program (archive_compression_type, pstate);
   return zp ? zp->program : NULL;
 }
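
Review bot: The hoisted `*pstate = 0;` at the top of the function now also runs on the `use_compress_program_option` and `ct_none` return paths, where the returned value does not come from `find_zip_program`, and nothing in this hunk shows how next_decompress_program treats a state of 0 in that case. Please confirm that after a failed user-selected program it stops rather than continuing into table entries the user did not ask for. A one-line comment above the assignment saying that callers pass the state on to next_decompress_program regardless of which path returned would keep a later cleanup from moving it back below the early returns.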
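
The failure mode described in the message, reduced to a stand-alone model with a check that catches it (an added example, not code from tar or from the patch author). The table contents and the names `fallback`, `user_program`, `first_before`, `first_after`, `next_checked` and `first_writes_state` are assumptions made for illustration; the check poisons the caller's state with a sentinel so that a return path which never writes it becomes observable without reading an uninitialized variable.

```c
#include <stdio.h>

/* Hypothetical model of a first/next iterator with caller-owned state.
   Table contents and every name here are assumptions, not tar's source. */
static const char *const fallback[] = { "gzip", "pigz" };
enum { NFALLBACK = 2, POISON = 0x7fffffff };
static const char *user_program;   /* models an explicitly chosen program */

/* "Before" shape: the early return leaves *state unwritten. */
static const char *first_before(int *state)
{
  if (user_program)
    return user_program;
  *state = 0;
  return fallback[0];
}

/* "After" shape: *state is written ahead of every return. */
static const char *first_after(int *state)
{
  *state = 0;
  if (user_program)
    return user_program;
  return fallback[0];
}

/* Defensive next: rejects a state outside the table instead of indexing. */
static const char *next_checked(int *state)
{
  if (*state < 0 || *state >= NFALLBACK - 1)
    return NULL;
  return fallback[++*state];
}

/* Contract check: poison the state, call first, report whether it was set. */
static int first_writes_state(const char *(*first)(int *), const char *user)
{
  int state = POISON, written;
  user_program = user;
  (void) first(&state);
  written = (state != POISON);
  /* A poisoned state must also be refused by the bounds-checked next. */
  return written || next_checked(&state) != NULL ? written : 0;
}

int main(void)
{
  printf("before: %d\n", first_writes_state(first_before, "gzip"));
  printf("after:  %d\n", first_writes_state(first_after, "gzip"));
  return 0;
}
```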


