1 files changed, 57 insertions, 0 deletions

diff --git a/gnu/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch b/gnu/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch
new file mode 100644
index 0000000000..bee0b38f87
--- /dev/null
+++ b/gnu/packages/patches/libtar-CVE-2021-33643-CVE-2021-33644.patch
@@ -0,0 +1,57 @@
+From 8b0aae25e85fafcf65545dbdbd1a42a183485a91 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <[email protected]>
+Date: Aug 26 2022 13:55:09 +0000
+Subject: fix out-of-bounds read in gnu_long{name,link}
+
+
+Resolves: CVE-2021-33643
+Resolves: CVE-2021-33644
+
+---
+
+diff --git a/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch b/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch
+new file mode 100644
+index 0000000..f6692c3
+--- /dev/null
++++ b/libtar-1.2.20-CVE-2021-33643-CVE-2021-33644.patch
+@@ -0,0 +1,40 @@
++From 3936c7aa74d89e7a91dfbb2c1b7bfcad58a0355d Mon Sep 17 00:00:00 2001
++From: shixuantong <[email protected]>
++Date: Wed, 6 Apr 2022 17:40:57 +0800
++Subject: [PATCH 1/2] Ensure that sz is greater than 0.
++
++---
++ lib/block.c | 10 ++++++++++
++ 1 file changed, 10 insertions(+)
++
++diff --git a/lib/block.c b/lib/block.c
++index 092bc28..f12c4bc 100644
++--- a/lib/block.c
+++++ b/lib/block.c
++@@ -118,6 +118,11 @@ th_read(TAR *t)
++ 	if (TH_ISLONGLINK(t))
++ 	{
++ 		sz = th_get_size(t);
+++		if ((int)sz <= 0)
+++		{
+++			errno = EINVAL;
+++			return -1;
+++		}
++ 		blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
++ 		if (blocks > ((size_t)-1 / T_BLOCKSIZE))
++ 		{
++@@ -168,6 +173,11 @@ th_read(TAR *t)
++ 	if (TH_ISLONGNAME(t))
++ 	{
++ 		sz = th_get_size(t);
+++		if ((int)sz <= 0)
+++		{
+++			errno = EINVAL;
+++			return -1;
+++		}
++ 		blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
++ 		if (blocks > ((size_t)-1 / T_BLOCKSIZE))
++ 		{
++-- 
++2.37.1
++