
HBSD: Fix "libarchive vulnerability 2"

Around a week or so ago, a report[1] was made public showing FreeBSD
susceptible to numerous vulnerabilities in freebsd-update, portsnap,
libarchive, bsdtar, and bspatch. At least one of the vulnerabilities
has been fixed due to libarchive being updated to 3.2.1 in both HEAD,
11-STABLE, and 10-STABLE.

This commit addresses one of the vulnerabilities in libarchive/bsdtar.
As I validate more vulnerabilities, more fixes may come.

[1]: https://hardenedbsd.org/~shawn/vulns/freebsd/2016-07-29/libarchive.txt

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
Reported-by:	Some anonymous person
MFC-to:		11-STABLE
MFC-to:		10-STABLE
lattera committed Aug 3, 2016
1 parent 6295aad commit acc5eaecbe4970cfb96d9549fe7dc8ceb4676557
Showing with 4 additions and 2 deletions.
  1. +4 −2 contrib/libarchive/libarchive/archive_write_disk_posix.c
@@ -1796,7 +1796,7 @@ edit_deep_directories(struct archive_write_disk *a)
char *tail = a->name;
/* If path is short, avoid the open() below. */
if (strlen(tail) <= PATH_MAX)
if (strlen(tail) < PATH_MAX)
return;
/* Try to record our starting dir. */
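Review bot: the boundary change from `<=` to `<` in `if (strlen(tail) <= PATH_MAX)` is the correct fix, because PATH_MAX includes the terminating NUL, so a name whose strlen is exactly PATH_MAX does not fit in a PATH_MAX-sized buffer and must not take the early return that skips the open() below; the comment "If path is short, avoid the open() below." should say so explicitly (e.g. "shorter than PATH_MAX including the NUL"), and the commit message, which only says "one of the vulnerabilities", should name this off-by-one so the MFC to 10-STABLE and 11-STABLE carries the rationale.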
@@ -1806,7 +1806,7 @@ edit_deep_directories(struct archive_write_disk *a)
return;
/* As long as the path is too long... */
while (strlen(tail) > PATH_MAX) {
while (strlen(tail) >= PATH_MAX) {
/* Locate a dir prefix shorter than PATH_MAX. */
tail += PATH_MAX - 8;
while (tail > a->name && *tail != '/')
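Review bot: changing `while (strlen(tail) > PATH_MAX)` to `>=` keeps this loop consistent with the corrected early return in the previous hunk, so both sites now treat a length equal to PATH_MAX as too long; the loop body then steps `tail += PATH_MAX - 8` and walks back to the previous '/', and that 8-byte margin is what keeps each intermediate prefix under PATH_MAX, so a one-line comment explaining where the 8 comes from would make the invariant reviewable next time this condition is touched.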
@@ -2403,6 +2403,8 @@ check_symlinks(struct archive_write_disk *a)
/* We've hit a dir that doesn't exist; stop now. */
if (errno == ENOENT)
break;
else
return (ARCHIVE_FAILED);
} else if (S_ISLNK(st.st_mode)) {
if (c == '\0') {
/*
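Review bot: the hunk header advertises two added lines in check_symlinks, but the rendered hunk stops at the opening `/*` of the `if (c == '\0')` branch, so none of the additions are visible here and this part of the fix cannot be reviewed from the page; the visible context (break on ENOENT, `return (ARCHIVE_FAILED)` otherwise, then the `S_ISLNK(st.st_mode)` branch) is unchanged, and the full hunk should be consulted before the MFC to confirm what the symlink handling now does.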
