New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
malformed rar crashes bsdtar #504
Comments
|
Comment #1 originally posted by Google Code user |
|
Comment #2 originally posted by kientzle on 2015-02-07T07:29:13.000Z: |
|
The rar reader saves the filename of the entry and when the next entry has the same filename, it assumes this is a multivolume archive. Did I understand this correctly? https://github.com/libarchive/libarchive/blob/master/libarchive/archive_read_support_format_rar.c#L1546 In my opinion the filename only needs to be saved if the flag The entries in crash.rar don't have these flags set. |
|
Ah. That might explain it. A pull request would be greatly appreciated. |
|
I believe the current fix is good enough for 3.2. I'll defer further work to 3.2.1. |
|
According to https://security-tracker.debian.org/tracker/CVE-2015-8916 this is a security issue with ID CVE-2015-8916. I tested, and the crash happen with version 3.1.2 too. |
|
@dosomder @petterreinholdtsen @kientzle this issue seems to be fixed, I cannot reproduce with the provided archive (without the protected tar of course) |
|
b2e2abb is pointed to as the fix on https://security-tracker.debian.org/tracker/CVE-2015-8916 . |
Original issue 396 created by Google Code user
hanno@hboeck.deon 2015-02-03T03:44:10.000Z:See attachment: crash.rar
See attachment: crash.rar.asan.txt
See attachment: crash.rar.valgrind.txt
The text was updated successfully, but these errors were encountered: