oss-sec mailing list archives
Many invalid memory access issues in libarchive
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 17 Jun 2016 14:51:46 +0200
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html

libarchive version 3.2.0 (released on April 30th) fixed a large number of memory access bugs that I reported to them a while ago.

https://github.com/libarchive/libarchive/issues/503
Unclear invalid memory read in CPIO parser
Sample file: http://libarchive.github.io/google-code/issue-395/comment-0/crash.cpio

https://github.com/libarchive/libarchive/issues/504
Null pointer access in RAR parser
Sample file: http://libarchive.github.io/google-code/issue-396/comment-0/crash.rar

https://github.com/libarchive/libarchive/issues/505
Null pointer access in CAB parser
Sample file: http://libarchive.github.io/google-code/issue-397/comment-0/segf.cab

https://github.com/libarchive/libarchive/issues/506
Overlapping memcpy in CAB parser
Sample file: http://libarchive.github.io/google-code/issue-398/comment-0/memcpy.cab

https://github.com/libarchive/libarchive/issues/510
Heap out of bounds read in LHA/LZH parser
Sample file: http://libarchive.github.io/google-code/issue-402/comment-0/bsdtar-invalid-read.lzh

https://github.com/libarchive/libarchive/issues/511
Stack out of bounds read in ar parser
Sample file: http://libarchive.github.io/google-code/issue-403/comment-0/bsdtar-invalid-read-stack.a

https://github.com/libarchive/libarchive/issues/512
Global out of bounds read in mtree parser
Sample file: http://libarchive.github.io/google-code/issue-404/comment-0/invalid-read-overflow.mtree

https://github.com/libarchive/libarchive/issues/513
Null pointer access in 7z parser
Sample file: http://libarchive.github.io/google-code/issue-405/comment-0/bsdtar-null-ptr.7z

https://github.com/libarchive/libarchive/issues/514
Unclear crashes in ZIP parser
Sample file: http://libarchive.github.io/google-code/issue-406/comment-0/bsdtar-zip-crash-variant1.zip

https://github.com/libarchive/libarchive/issues/515
Heap out of bounds read in TAR parser
Sample file: http://libarchive.github.io/google-code/issue-407/comment-0/tar-heap-overflow.tar

https://github.com/libarchive/libarchive/issues/516
Unclear invalid memory read in mtree parser
Sample file: http://libarchive.github.io/google-code/issue-408/comment-0/read_mtree.mtree

https://github.com/libarchive/libarchive/issues/518
Null pointer access in RAR parser
Sample file: http://libarchive.github.io/google-code/issue-410/comment-0/segfault.rar

https://github.com/libarchive/libarchive/issues/523
Heap out of bounds read when reading password for malformed ZIP
Sample file: http://libarchive.github.io/google-code/issue-415/comment-0/pwcrash.zip

https://github.com/libarchive/libarchive/issues/550
Heap out of bounds read in mtree parser
Sample file: https://crashes.fuzzing-project.org/libarchive-oob-process_add_entry.mtree

I also reported a couple of lower severity issues (leaks, hangs, undefined behavior issues):

https://github.com/libarchive/libarchive/issues/517
Memory leak in TAR parser

https://github.com/libarchive/libarchive/issues/522
Endless loop in ISO parser
Sample file: http://libarchive.github.io/google-code/issue-414/comment-0/hang.iso

https://github.com/libarchive/libarchive/issues/539
Undefined behavior / signed integer overflow in mtree parser

https://github.com/libarchive/libarchive/issues/540
Use after free in test suite

https://github.com/libarchive/libarchive/issues/547
Undefined behavior / invalid shiftleft in TAR parser
Sample file: https://crashes.fuzzing-project.org/libarchive-undefined-shiftleft

https://github.com/libarchive/libarchive/issues/548
Undefined behavior / signed integer overflow in TAR parser
Sample file: https://crashes.fuzzing-project.org/libarchive-undefined-signed-overflow.tar

Unfortunately one out of bounds heap read bug in the RAR parser remained unfixed. I hope a fix will find its way into the next version.

https://github.com/libarchive/libarchive/issues/521
Sample file: http://libarchive.github.io/google-code/issue-413/comment-0/bsdtar-invalid-read.rar

I was interested in making libarchive more robust because once all issues are fixed it can serve as a safer alternative to many low quality command line tools for various archiving formats.

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42