Cherry pick two upstream fixes that may have security implications:

* Handle a 'calloc' returning NULL * Validate entry_bytes_remaining in pax_attribute Requested by tj@
2022-08-01 19:36:28 +00:00 · 2022-08-01 19:36:28 +00:00 · 4d25451a83
parent 498147aaa9
commit 4d25451a83
3 changed files with 57 additions and 0 deletions
--- a/archivers/libarchive/Makefile
+++ b/archivers/libarchive/Makefile
@ -1,6 +1,7 @@
 COMMENT=	multi-format archive and compression library

 DISTNAME=	libarchive-3.6.1
+REVISION=	0
 SHARED_LIBS=	archive		12.0	# 19.1
 CATEGORIES=	archivers
 HOMEPAGE=	https://www.libarchive.org/
--- a/archivers/libarchive/patches/patch-libarchive_archive_read_support_format_tar_c
+++ b/archivers/libarchive/patches/patch-libarchive_archive_read_support_format_tar_c
@ -0,0 +1,28 @@
+Validate entry_bytes_remaining in pax_attribute
+https://github.com/libarchive/libarchive/commit/fc8c6d2786
+
+Index: libarchive/archive_read_support_format_tar.c
+--- libarchive/archive_read_support_format_tar.c.orig
+++ libarchive/archive_read_support_format_tar.c
+@@ -2108,6 +2108,21 @@ pax_attribute(struct archive_read *a, struct tar *tar,
+ 			/* "size" is the size of the data in the entry. */
+ 			tar->entry_bytes_remaining
+ 			    = tar_atol10(value, strlen(value));
+			if (tar->entry_bytes_remaining < 0) {
+				tar->entry_bytes_remaining = 0;
+				archive_set_error(&a->archive,
+				    ARCHIVE_ERRNO_MISC,
+				    "Tar size attribute is negative");
+				return (ARCHIVE_FATAL);
+			}
+			if (tar->entry_bytes_remaining == INT64_MAX) {
+				/* Note: tar_atol returns INT64_MAX on overflow */
+				tar->entry_bytes_remaining = 0;
+				archive_set_error(&a->archive,
+				    ARCHIVE_ERRNO_MISC,
+				    "Tar size attribute overflow");
+				return (ARCHIVE_FATAL);
+			}
+ 			/*
+ 			 * The "size" pax header keyword always overrides the
+ 			 * "size" field in the tar header.
--- a/archivers/libarchive/patches/patch-libarchive_archive_write_c
+++ b/archivers/libarchive/patches/patch-libarchive_archive_write_c
@ -0,0 +1,28 @@
+Handle a `calloc` returning NULL
+https://github.com/libarchive/libarchive/commit/fd180c3603
+
+Index: libarchive/archive_write.c
+--- libarchive/archive_write.c.orig
+++ libarchive/archive_write.c
+@@ -201,6 +201,10 @@ __archive_write_allocate_filter(struct archive *_a)
+ 	struct archive_write_filter *f;
+ 
+ 	f = calloc(1, sizeof(*f));
+
+	if (f == NULL)
+		return (NULL);
+
+ 	f->archive = _a;
+ 	f->state = ARCHIVE_WRITE_FILTER_STATE_NEW;
+ 	if (a->filter_first == NULL)
+@@ -548,6 +552,10 @@ archive_write_open2(struct archive *_a, void *client_d
+ 	a->client_data = client_data;
+ 
+ 	client_filter = __archive_write_allocate_filter(_a);
+
+	if (client_filter == NULL)
+		return (ARCHIVE_FATAL);
+
+ 	client_filter->open = archive_write_client_open;
+ 	client_filter->write = archive_write_client_write;
+ 	client_filter->close = archive_write_client_close;