From ecce46744f79b2a1f653bb3aa190993d5f58a689 Mon Sep 17 00:00:00 2001 From: Marcin Mikula Date: Wed, 30 Jul 2025 10:29:12 +0200 Subject: [PATCH] Fix CVE-2025-25724 by checking the result of the strftime to avoid use of undefined content of buf, in case when custom locale makes the result string longer than buf length. Signed-off-by: Marcin Mikula --- tar/util.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tar/util.c b/tar/util.c index c99f67797..5bad4345e 100644 --- a/tar/util.c +++ b/tar/util.c @@ -682,6 +682,7 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry) { char tmp[100]; size_t w; + size_t sw; const char *p; const char *fmt; time_t tim; @@ -769,8 +770,8 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry) ltime = localtime(&tim); #endif if (ltime) - strftime(tmp, sizeof(tmp), fmt, ltime); - else + sw = strftime(tmp, sizeof(tmp), fmt, ltime); + if (!ltime || !sw) sprintf(tmp, "-- -- ----"); fprintf(out, " %s ", tmp); safe_fprintf(out, "%s", archive_entry_pathname(entry)); -- 2.47.3