guix/gnu/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch

From 8b0aae25e85fafcf65545dbdbd1a42a183485a91 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Aug 26 2022 13:55:09 +0000
Subject: fix out-of-bounds read in gnu_long{name,link}


Resolves: CVE-2021-33643
Resolves: CVE-2021-33644

---

diff --git a/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch b/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch
new file mode 100644
index 0000000..f6692c3
--- /dev/null
+++ b/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch
@@ -0,0 +1,40 @@
+From 3936c7aa74d89e7a91dfbb2c1b7bfcad58a0355d Mon Sep 17 00:00:00 2001
+From: shixuantong <1726671442@qq.com>
+Date: Wed, 6 Apr 2022 17:40:57 +0800
+Subject: [PATCH 1/2] Ensure that sz is greater than 0.
+
+---
+ lib/block.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/lib/block.c b/lib/block.c
+index 092bc28..f12c4bc 100644
+--- a/lib/block.c
++++ b/lib/block.c
+@@ -118,6 +118,11 @@ th_read(TAR *t)
+ 	if (TH_ISLONGLINK(t))
+ 	{
+ 		sz = th_get_size(t);
++		if ((int)sz <= 0)
++		{
++			errno = EINVAL;
++			return -1;
++		}
+ 		blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
+ 		if (blocks > ((size_t)-1 / T_BLOCKSIZE))
+ 		{
+@@ -168,6 +173,11 @@ th_read(TAR *t)
+ 	if (TH_ISLONGNAME(t))
+ 	{
+ 		sz = th_get_size(t);
++		if ((int)sz <= 0)
++		{
++			errno = EINVAL;
++			return -1;
++		}
+ 		blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
+ 		if (blocks > ((size_t)-1 / T_BLOCKSIZE))
+ 		{
+-- 
+2.37.1
+