--- /dev/null
+From 3150539edb18690c2c5f81c37fd2d3a35c69ace5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?ARJANEN=20Lo=C3=AFc=20Jean=20David?= <ljd@luigiscorner.mu>
+Date: Fri, 14 Nov 2025 20:34:48 +0100
+Subject: [PATCH] Fix bsdtar zero-length pattern issue.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Uses the sed-like way (and Java-like, and .Net-like, and Javascript-likeā¦) to fix this issue of advancing the string to be processed by one if the match is zero-length.
+
+Fixes libarchive/libarchive#2725 and solves libarchive/libarchive#2438.
+
+CVE: CVE-2025-60753
+Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/3150539edb18690c2c5f81c37fd2d3a35c69ace5]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ tar/subst.c | 19 ++++++++++++-------
+ tar/test/test_option_s.c | 8 +++++++-
+ 2 files changed, 19 insertions(+), 8 deletions(-)
+
+diff --git a/tar/subst.c b/tar/subst.c
+index 9747abb9..902a4d64 100644
+--- a/tar/subst.c
++++ b/tar/subst.c
+@@ -235,7 +235,9 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
+ (*result)[0] = 0;
+ }
+
+- while (1) {
++ char isEnd = 0;
++ do {
++ isEnd = *name == '\0';
+ if (regexec(&rule->re, name, 10, matches, 0))
+ break;
+
+@@ -290,12 +292,15 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result,
+ }
+
+ realloc_strcat(result, rule->result + j);
+-
+- name += matches[0].rm_eo;
+-
+- if (!rule->global)
+- break;
+- }
++ if (matches[0].rm_eo > 0) {
++ name += matches[0].rm_eo;
++ } else {
++ // We skip a character because the match is 0-length
++ // so we need to add it to the output
++ realloc_strncat(result, name, 1);
++ name += 1;
++ }
++ } while (rule->global && !isEnd); // Testing one step after because sed et al. run 0-length patterns a last time on the empty string at the end
+ }
+
+ if (got_match)
+diff --git a/tar/test/test_option_s.c b/tar/test/test_option_s.c
+index 564793b9..90b4c471 100644
+--- a/tar/test/test_option_s.c
++++ b/tar/test/test_option_s.c
+@@ -42,7 +42,13 @@ DEFINE_TEST(test_option_s)
+ systemf("%s -cf test1_2.tar -s /d1/d2/ in/d1/foo", testprog);
+ systemf("%s -xf test1_2.tar -C test1", testprog);
+ assertFileContents("foo", 3, "test1/in/d2/foo");
+-
++ systemf("%s -cf test1_3.tar -s /o/#/g in/d1/foo", testprog);
++ systemf("%s -xf test1_3.tar -C test1", testprog);
++ assertFileContents("foo", 3, "test1/in/d1/f##");
++ // For the 0-length pattern check, remember that "test1/" isn't part of the string affected by the regexp
++ systemf("%s -cf test1_4.tar -s /f*/\\<~\\>/g in/d1/foo", testprog);
++ systemf("%s -xf test1_4.tar -C test1", testprog);
++ assertFileContents("foo", 3, "test1/<>i<>n<>/<>d<>1<>/<f><>o<>o<>");
+ /*
+ * Test 2: Basic substitution when extracting archive.
+ */
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
