git.ipfire.org Git - thirdparty/libarchive.git/commit

author	Tim Kientzle <kientzle@acm.org>
	Fri, 5 Jul 2024 10:08:38 +0000 (03:08 -0700)
committer	GitHub <noreply@github.com>
	Fri, 5 Jul 2024 10:08:38 +0000 (12:08 +0200)
commit	1382d671a4bc32155cbb52a60cf9937120f56028
tree	854d9b00978d3c2309270a519652090d4a4d9abf	tree
parent	e45b0aa7eebddaaec8139cb1f0a4058f3c1e5369	commit \| diff

Ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)

The fuzzer constructed an AFIO (CPIO variant) archive that had a
rediculously large ino value, which caused an overflow of a signed
64-bit intermediate.

There are really three issues here:
* The CPIO parser was using a signed int64 as an intermediate type for
parsing numbers in all cases. I've addressed the overflow here by using
a uint64_t in the parser core, but left the resulting values as int64_t.
* The AFIO header parsing had no guards against rediculously large
values; it now rejects an archive when the ino or size fields (which are
allowed to be up to 16 hex digits long) overflow int64_t to produce a
negative value.
* The archive_entry would accept negative values for gid/uid/size/ino.
I've altered those so that these fields treat any negative value as zero
for these fields.

There was one test that actually verified that we could read a field
with size = -1. I've updated that to verify that the resulting size is
zero instead.

OSS-Fuzz Issue: 70019

libarchive/archive_entry.c		diff \| blob \| blame \| history
libarchive/archive_read_support_format_cpio.c		diff \| blob \| blame \| history
libarchive/test/test_read_format_cpio_afio.c		diff \| blob \| blame \| history
libarchive/test/test_read_format_mtree.c		diff \| blob \| blame \| history