1 Submitted By: Ken Moffat <ken at linuxfromscratch dot org>
3 Initial Package Version: 1.15.1
4 Origin: gentoo, backported from CVS, rediffed to apply with -p1
5 Description: addresses vulnerability CVE-2006-0300
7 diff -Naurp tar-1.15.1-vanilla/src/xheader.c tar-1.15.1/src/xheader.c
8 --- tar-1.15.1-vanilla/src/xheader.c 2004-09-06 12:31:14.000000000 +0100
9 +++ tar-1.15.1/src/xheader.c 2006-04-14 16:26:26.000000000 +0100
10 @@ -783,6 +783,32 @@ code_num (uintmax_t value, char const *k
11 xheader_print (xhdr, keyword, sbuf);
15 +decode_num (uintmax_t *num, char const *arg, uintmax_t maxval,
16 + char const *keyword)
21 + if (! (ISDIGIT (*arg)
22 + && (errno = 0, u = strtoumax (arg, &arg_lim, 10), !*arg_lim)))
24 + ERROR ((0, 0, _("Malformed extended header: invalid %s=%s"),
29 + if (! (u <= maxval && errno != ERANGE))
31 + ERROR ((0, 0, _("Extended header %s=%s is out of range"),
41 dummy_coder (struct tar_stat_info const *st __attribute__ ((unused)),
42 char const *keyword __attribute__ ((unused)),
43 @@ -821,7 +847,7 @@ static void
44 gid_decoder (struct tar_stat_info *st, char const *arg)
47 - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
48 + if (decode_num (&u, arg, TYPE_MAXIMUM (gid_t), "gid"))
52 @@ -903,7 +929,7 @@ static void
53 size_decoder (struct tar_stat_info *st, char const *arg)
56 - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
57 + if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "size"))
58 st->archive_file_size = st->stat.st_size = u;
61 @@ -918,7 +944,7 @@ static void
62 uid_decoder (struct tar_stat_info *st, char const *arg)
65 - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
66 + if (decode_num (&u, arg, TYPE_MAXIMUM (uid_t), "uid"))
70 @@ -946,7 +972,7 @@ static void
71 sparse_size_decoder (struct tar_stat_info *st, char const *arg)
74 - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
75 + if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.size"))
79 @@ -962,10 +988,10 @@ static void
80 sparse_numblocks_decoder (struct tar_stat_info *st, char const *arg)
83 - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
84 + if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numblocks"))
86 st->sparse_map_size = u;
87 - st->sparse_map = calloc(st->sparse_map_size, sizeof(st->sparse_map[0]));
88 + st->sparse_map = xcalloc (u, sizeof st->sparse_map[0]);
89 st->sparse_map_avail = 0;
92 @@ -982,8 +1008,14 @@ static void
93 sparse_offset_decoder (struct tar_stat_info *st, char const *arg)
96 - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
97 + if (decode_num (&u, arg, TYPE_MAXIMUM (off_t), "GNU.sparse.offset"))
99 + if (st->sparse_map_avail < st->sparse_map_size)
100 st->sparse_map[st->sparse_map_avail].offset = u;
102 + ERROR ((0, 0, _("Malformed extended header: excess %s=%s"),
103 + "GNU.sparse.offset", arg));
108 @@ -998,15 +1030,13 @@ static void
109 sparse_numbytes_decoder (struct tar_stat_info *st, char const *arg)
112 - if (xstrtoumax (arg, NULL, 10, &u, "") == LONGINT_OK)
113 + if (decode_num (&u, arg, SIZE_MAX, "GNU.sparse.numbytes"))
115 if (st->sparse_map_avail == st->sparse_map_size)
117 - st->sparse_map_size *= 2;
118 - st->sparse_map = xrealloc (st->sparse_map,
119 - st->sparse_map_size
120 - * sizeof st->sparse_map[0]);
122 + st->sparse_map = x2nrealloc (st->sparse_map,
123 + &st->sparse_map_size,
124 + sizeof st->sparse_map[0]);
126 st->sparse_map[st->sparse_map_avail++].numbytes = u;