Re: Libarchive/bsdtar: multiple crashes

[Agostino Sarubbo <ago () gentoo org>]

On Thursday 15 September 2016 17:52:52 Agostino Sarubbo wrote:
> Hello all.
>
> I'd like to make people aware of the following crashes in 
libarchive/bsdtar 
> found by fuzzing (all issues are public on github):
>
> The most dangerous, an out of bounds stack write (which is also fixed 
> upstream):
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer
> -overflow-in-bsdtar_expand_char-util-c/ 
>
>
> The following are buffer over read of 1 (all are unfixed upstream ATM):
>
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-> 
> overflow-in-detect_form-archive_read_support_format_mtree-c/ 
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer
> -overflow-in-read_header-archive_read_support_format_7zip-c/
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruption
> unknown-crash-in-bid_entry-archive_read_support_format_mtree-c/
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer
> -overflow-in-bid_entry-archive_read_support_format_mtree-c/
>
> As stated in the posts, the two latest bug could be the same, but I 
didn't 
> have an upstream response about, so I posted both stacktrace to 
better
> track  the issues.
>
>
> The following are use-after-free (all are unfixed upstream ATM):
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-> 
> bid_entry-archive_read_support_format_mtree-c/
> https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in
> -detect_form-archive_read_support_format_mtree-c/
>
> As stated in the posts, they could be the same.
> I didn't have an upstream response too for those.

All issues mentioned in the previous posts, are now fixed in git.
I updated all posts with the git commit.

--
Agostino