guix/gnu/packages/patches/libtar-CVE-2021-33645-CVE-2021-33646.patch

From 3c7b1fd9bb63d74ecd38b71ffc876dca3ac87a8b Mon Sep 17 00:00:00 2001
From: shixuantong <shixuantong@h-partners.com>
Date: Sat, 7 May 2022 17:04:46 +0800
Subject: [PATCH 2/2] fix memory leak

---
 lib/libtar.h    |  1 +
 lib/util.c      |  9 ++++++++-
 lib/wrapper.c   | 11 +++++++++++
 libtar/libtar.c |  3 +++
 4 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/lib/libtar.h b/lib/libtar.h
index 08a8e0f..8b00e93 100644
--- a/lib/libtar.h
+++ b/lib/libtar.h
@@ -285,6 +285,7 @@ int oct_to_int(char *oct);
 /* integer to string-octal conversion, no NULL */
 void int_to_oct_nonull(int num, char *oct, size_t octlen);
 
+void free_longlink_longname(struct tar_header th_buf);
 
 /***** wrapper.c **********************************************************/
 
diff --git a/lib/util.c b/lib/util.c
index 11438ef..8a42e62 100644
--- a/lib/util.c
+++ b/lib/util.c
@@ -15,6 +15,7 @@
 #include <stdio.h>
 #include <sys/param.h>
 #include <errno.h>
+#include <stdlib.h>
 
 #ifdef STDC_HEADERS
 # include <string.h>
@@ -160,4 +161,10 @@ int_to_oct_nonull(int num, char *oct, size_t octlen)
 	oct[octlen - 1] = ' ';
 }
 
-
+void free_longlink_longname(struct tar_header th_buf)
+{
+	if (th_buf.gnu_longname != NULL)
+		free(th_buf.gnu_longname);
+	if (th_buf.gnu_longlink !=NULL)
+		free(th_buf.gnu_longlink);
+}
diff --git a/lib/wrapper.c b/lib/wrapper.c
index 2d3f5b9..9d2f3bf 100644
--- a/lib/wrapper.c
+++ b/lib/wrapper.c
@@ -36,7 +36,10 @@ tar_extract_glob(TAR *t, char *globname, char *prefix)
 		if (fnmatch(globname, filename, FNM_PATHNAME | FNM_PERIOD))
 		{
 			if (TH_ISREG(t) && tar_skip_regfile(t))
+			{
+				free_longlink_longname(t->th_buf);
 				return -1;
+			}
 			continue;
 		}
 		if (t->options & TAR_VERBOSE)
@@ -46,9 +49,13 @@ tar_extract_glob(TAR *t, char *globname, char *prefix)
 		else
 			strlcpy(buf, filename, sizeof(buf));
 		if (tar_extract_file(t, buf) != 0)
+		{
+			free_longlink_longname(t->th_buf);
 			return -1;
+		}
 	}
 
+	free_longlink_longname(t->th_buf);
 	return (i == 1 ? 0 : -1);
 }
 
@@ -82,9 +89,13 @@ tar_extract_all(TAR *t, char *prefix)
 		       "\"%s\")\n", buf);
 #endif
 		if (tar_extract_file(t, buf) != 0)
+		{
+			free_longlink_longname(t->th_buf);
 			return -1;
+		}
 	}
 
+	free_longlink_longname(t->th_buf);
 	return (i == 1 ? 0 : -1);
 }
 
diff --git a/libtar/libtar.c b/libtar/libtar.c
index ac339e7..b992abb 100644
--- a/libtar/libtar.c
+++ b/libtar/libtar.c
@@ -197,6 +197,7 @@ list(char *tarfile)
 		{
 			fprintf(stderr, "tar_skip_regfile(): %s\n",
 				strerror(errno));
+			free_longlink_longname(t->th_buf);
 			return -1;
 		}
 	}
@@ -218,10 +219,12 @@ list(char *tarfile)
 
 	if (tar_close(t) != 0)
 	{
+		free_longlink_longname(t->th_buf);
 		fprintf(stderr, "tar_close(): %s\n", strerror(errno));
 		return -1;
 	}
 
+	free_longlink_longname(t->th_buf);
 	return 0;
 }
 
-- 
2.37.1