Просмотр исходного кода

libdpkg: Do not leak long tar names on bogus tar archives

Make sure we free the long names, in case of a bogus or truncated
tar archive with long entries not followed by a normal entry.

Warned-by: coverity
Guillem Jover лет назад: 12
Родитель
Сommit
055717db09
2 измененных файлов с 5 добавлено и 0 удалено
  1. 1 0
      debian/changelog
  2. 4 0
      lib/dpkg/tarfn.c

+ 1 - 0
debian/changelog

@@ -4,6 +4,7 @@ dpkg (1.17.9) UNRELEASED; urgency=low
   * Do not allow patch files with C-style encoded filenames. Closes: #746306
     Unconditionally fixes CVE-2014-0471.
   * Switch alternative database backups from xz to gzip. Closes: #746354
+  * Do not leak long tar names on bogus or truncated archives.
 
   [ Updated scripts translations ]
   * French (Steve Petruzzello). Closes: #746350

+ 4 - 0
lib/dpkg/tarfn.c

@@ -377,6 +377,10 @@ tar_extractor(void *ctx, const struct tar_operations *ops)
 		free(symlink_head);
 		symlink_head = symlink_node;
 	}
+	/* Make sure we free the long names, in case of a bogus or truncated
+	 * tar archive with long entries not followed by a normal entry. */
+	free(next_long_name);
+	free(next_long_link);
 
 	if (status > 0) {
 		/* Indicates broken tarfile: “Read partial header record”. */