--- /dev/null
+From c9bc934e7e91d302e0feca6e713ccc38d6d01532 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Peter=20K=C3=A4stle?= <peter@piie.net>
+Date: Mon, 10 Mar 2025 16:43:04 +0100
+Subject: [PATCH] fix CVE-2025-1632 and CVE-2025-25724 (#2532)
+
+Hi,
+
+please find my approach to fix the CVE-2025-1632 and CVE-2025-25724
+vulnerabilities in this pr.
+As both error cases did trigger a NULL pointer deref (and triggered
+hopefully everywhere a coredump), we can safely replace the actual
+information by a predefined invalid string without breaking any
+functionality.
+
+CVE: CVE-2025-1632
+CVE: CVE-2025-25724
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/c9bc934e7e91d302e0feca6e713ccc38d6d01532]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---------
+
+Signed-off-by: Peter Kaestle <peter@piie.net>
+---
+ tar/util.c | 5 ++++-
+ unzip/bsdunzip.c | 10 +++++++---
+ 2 files changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/tar/util.c b/tar/util.c
+index 3b099cb5..f3cbdf0b 100644
+--- a/tar/util.c
++++ b/tar/util.c
+@@ -748,7 +748,10 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry)
+ #else
+ ltime = localtime(&tim);
+ #endif
+- strftime(tmp, sizeof(tmp), fmt, ltime);
++ if (ltime)
++ strftime(tmp, sizeof(tmp), fmt, ltime);
++ else
++ sprintf(tmp, "-- -- ----");
+ fprintf(out, " %s ", tmp);
+ safe_fprintf(out, "%s", archive_entry_pathname(entry));
+
+diff --git a/unzip/bsdunzip.c b/unzip/bsdunzip.c
+index 7c8cafc3..4a9028b7 100644
+--- a/unzip/bsdunzip.c
++++ b/unzip/bsdunzip.c
+@@ -904,6 +904,7 @@ list(struct archive *a, struct archive_entry *e)
+ char buf[20];
+ time_t mtime;
+ struct tm *tm;
++ const char *pathname;
+
+ mtime = archive_entry_mtime(e);
+ tm = localtime(&mtime);
+@@ -912,22 +913,25 @@ list(struct archive *a, struct archive_entry *e)
+ else
+ strftime(buf, sizeof(buf), "%m-%d-%g %R", tm);
+
++ pathname = archive_entry_pathname(e);
++ if (!pathname)
++ pathname = "";
+ if (!zipinfo_mode) {
+ if (v_opt == 1) {
+ printf(" %8ju %s %s\n",
+ (uintmax_t)archive_entry_size(e),
+- buf, archive_entry_pathname(e));
++ buf, pathname);
+ } else if (v_opt == 2) {
+ printf("%8ju Stored %7ju 0%% %s %08x %s\n",
+ (uintmax_t)archive_entry_size(e),
+ (uintmax_t)archive_entry_size(e),
+ buf,
+ 0U,
+- archive_entry_pathname(e));
++ pathname);
+ }
+ } else {
+ if (Z1_opt)
+- printf("%s\n",archive_entry_pathname(e));
++ printf("%s\n", pathname);
+ }
+ ac(archive_read_data_skip(a));
+ }
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
