Original issue 415 created by Google Code user hanno@hboeck.de on 2015-03-06T11:03:58.000Z:
bsdtar will detect the attached zip file as password protected. When entering nothing (just press enter) it will cause an invalid memory read access.
Found with american fuzzy lop.
==27792==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x631000010800 at pc 0x6169dd bp 0x7ffff41b2ef0 sp 0x7ffff41b2ee0
READ of size 1 at 0x631000010800 thread T0
#0 0x6169dc in trad_enc_decrypt_update libarchive/archive_read_support_format_zip.c:251
#1 0x6169dc in zip_read_data_none libarchive/archive_read_support_format_zip.c:1159
#2 0x6169dc in archive_read_format_zip_read_data libarchive/archive_read_support_format_zip.c:1797
#3 0x4a342d in copy_data libarchive/archive_read_extract2.c:139
#4 0x4a342d in archive_read_extract2 libarchive/archive_read_extract2.c:101
#5 0x41c088 in read_archive tar/read.c:361
#6 0x41d3ab in tar_mode_x tar/read.c:104
#7 0x40d4d9 in main tar/bsdtar.c:805
#8 0x7f83a55e6f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f)
#9 0x412d3c (/data/fuzzretest/bsdtar+0x412d3c)
0x631000010800 is located 0 bytes to the right of 65536-byte region [0x631000000800,0x631000010800)
allocated by thread T0 here:
#0 0x7f83a70cf6f7 in malloc (/usr/lib/gcc/x86_64-pc-linux-gnu/4.9.2/libasan.so.1+0x576f7)
#1 0x4a648c in file_open libarchive/archive_read_open_filename.c:358
Original issue 415 created by Google Code user
hanno@hboeck.deon 2015-03-06T11:03:58.000Z:See attachment: pwcrash.zip
See attachment: pwcrash.zip.asan.txt
The text was updated successfully, but these errors were encountered: