ar write support invokes UB in calling strstr with other than a null-terminated string

[emaste]

This issue is fixed by #926, issue report opened for tracking. The haystack/big and needle/small arguments to strstr must be null-terminated C strings, but archive_write_ar_header calls strstr with a not-terminated character sequence.

Version of libarchive: 3.3.2 in FreeBSD
How you obtained it: included as part of FreeBSD
Operating system and version: FreeBSD + clang500-import branch, as of June 2017
What compiler and/or IDE you are using: Clang 5.0.0 snapshot July 5 2017

Description of the problem you are seeing:
What did you do? Use FreeBSD ar (libarchive consumer) to create an archive (static library), as part of the Virtualbox port build
What did you expect to happen? Static library is created successfully
What actually happened? ar segfaults
What log files or error messages were produced?
From report at https://lists.freebsd.org/pipermail/freebsd-emulation/2017-July/015299.html

 [/usr/ports/emulators/virtualbox-ose/work/VirtualBox-5.1.22/out/freebsd.amd64/release/obj/RuntimeBldProg/RuntimeBldProg.a]
Segmentation fault (core dumped)

Backtrace at fault:

 (lldb) bt
* thread #1, name = 'ar', stop reason = signal SIGSEGV
  * frame #0: ar`memchr(s=0x0000000800e19fcf, c=0, n=14) at memchr.c:48
    frame #1:
ar`twoway_strstr(h="\nRTDirCreateUniqueNumbered-generic.o/\n\n\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5\xa5",
n="RTDirCreateUniqueNumbered-generic.o/\n") at strstr.c:134
    frame #2:
ar`strstr(h="RTSha256Digest.o/\ndigest-builtin.o/\nrsa-asn1-decoder.o/\npkcs7-asn1-decoder.o/\npkix-signature-builtin.o/\npkix-signature-core.o/\npkix-signature-rsa.o/\nspc-asn1-decoder.o/\nx509-asn1-decoder.o/\nx509-certpaths.o/\ntaf-asn1-decoder.o/\ntsp-asn1-decoder.o/\nstore-cert-add-basic.o/\nRTCrStoreCertAddFromJavaKeyStore.o/\nRTCrStoreCertAddWantedFromFishingExpedition.o/\nRTCrStoreCertExportAsPem.o/\nRTCrStoreCreateSnapshotOfUserAndSystemTrustedCAsAndCerts.o/\ndbgmodcontainer.o/\ndbgmoddeferred.o/\ndbgmodcodeview.o/\nRTErrConvertFromErrno.o/\nRTErrConvertToErrno.o/\nlogrelellipsis.o/\nRTAssertMsg1Weak.o/\nRTAssertMsg2Add.o/\nRTAssertMsg2AddWeak.o/\nRTAssertMsg2AddWeakV.o/\nRTAssertMsg2Weak.o/\nRTAssertMsg2WeakV.o/\nRTFileModeToFlags.o/\nRTMemWipeThoroughly.o/\nhandletablectx.o/\nhandletablesimple.o/\nrtPathRootSpecLen.o/\nrtPathVolumeSpecLen.o/\nRTPathAbsExDup.o/\nRTPathAppendEx.o/\nRTPathCalcRelative.o/\nRTPathChangeToDosSlashes.o/\nRTPathChangeToUnixSlashes.o/\nRTPathCopyComponents.o/\nRTPathCountComponents.o/\nRTPathEnsureTrailingSeparator.o/\nRTPathFil"...,
n="RTDirCreateUniqueNumbered-generic.o/\n") at strstr.c:187
    frame #3: ar`archive_write_ar_header(a=0x0000000800dc8000,
entry=0x0000000800d9e500) at archive_write_set_format_ar.c:254

Another report at https://lists.freebsd.org/pipermail/freebsd-current/2017-July/066567.html

How the libarchive developers can reproduce your problem:
What other software was involved? FreeBSD ar
What other files were involved? Virtualbox 5.1.22
How can we obtain any of the above?

[kientzle]

Thanks for the detailed report, Ed!

Closing as this is fixed in #926.