38 lines
1.1 KiB
Diff
38 lines
1.1 KiB
Diff
From c9bc934e7e91d302e0feca6e713ccc38d6d01532 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Peter=20K=C3=A4stle?= <peter@piie.net>
|
|
Date: Mon, 10 Mar 2025 16:43:04 +0100
|
|
Subject: [PATCH] fix CVE-2025-1632 and CVE-2025-25724 (#2532)
|
|
|
|
Hi,
|
|
|
|
please find my approach to fix the CVE-2025-25724
|
|
vulnerabilities in this pr.
|
|
As both error cases did trigger a NULL pointer deref (and triggered
|
|
hopefully everywhere a coredump), we can safely replace the actual
|
|
information by a predefined invalid string without breaking any
|
|
functionality.
|
|
|
|
---------
|
|
|
|
Signed-off-by: Peter Kaestle <peter@piie.net>
|
|
---
|
|
tar/util.c | 5 ++++-
|
|
2 files changed, 11 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/tar/util.c b/tar/util.c
|
|
index 3b099cb5..f3cbdf0b 100644
|
|
--- a/tar/util.c
|
|
+++ b/tar/util.c
|
|
@@ -749,7 +749,10 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry)
|
|
#else
|
|
ltime = localtime(&tim);
|
|
#endif
|
|
- strftime(tmp, sizeof(tmp), fmt, ltime);
|
|
+ if (ltime)
|
|
+ strftime(tmp, sizeof(tmp), fmt, ltime);
|
|
+ else
|
|
+ sprintf(tmp, "-- -- ----");
|
|
fprintf(out, " %s ", tmp);
|
|
safe_fprintf(out, "%s", archive_entry_pathname(entry));
|
|
|