packages/libarchive
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!86 fix CVE-2025-25724

Browse Source 
From: @ultra_planet 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
This commit is contained in:
openeuler-ci-bot 2025-03-17 03:49:48 +00:00 committed by Gitee
commit 4d0a2dbdec
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
backport-CVE-2025-25724.patch Normal file
View File

@ -0,0 +1,34 @@
From 6636f89f5fe08a20de3b2d034712c781d3a67985 Mon Sep 17 00:00:00 2001
From: Peter Kaestle <peter@piie.net>
Date: Wed, 5 Mar 2025 15:01:14 +0100
Subject: [PATCH] tar/util.c: fix NULL pointer dereference issue on strftime
Fix CVE-2025-25724 by detecting NULL return of localtime_r(&tim, &tmbuf),
which could happen in case tim is incredible big.
In case this error is triggered, put an "INVALID DATE" string into the
outbuf.
Error poc: https://github.com/Ekkosun/pocs/blob/main/bsdtarbug
Signed-off-by: Peter Kaestle <peter@piie.net>
---
tar/util.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tar/util.c b/tar/util.c
index 3b099cb5f..f3cbdf0bb 100644
--- a/tar/util.c
+++ b/tar/util.c
@@ -749,7 +749,10 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry)
#else
ltime = localtime(&tim);
#endif
- strftime(tmp, sizeof(tmp), fmt, ltime);
+ if (ltime)
+ strftime(tmp, sizeof(tmp), fmt, ltime);
+ else
+ sprintf(tmp, "-- -- ----");
fprintf(out, " %s ", tmp);
safe_fprintf(out, "%s", archive_entry_pathname(entry));

9
libarchive.spec
View File

@ -2,7 +2,7 @@
Name: libarchive Name: libarchive
Version: 3.5.2 Version: 3.5.2
Release: 7 Release: 8
Summary: Multi-format archive and compression library Summary: Multi-format archive and compression library
License: BSD License: BSD
@ -20,6 +20,7 @@ Patch6003: backport-CVE-2021-31566.patch
Patch6004: backport-CVE-2022-26280.patch Patch6004: backport-CVE-2022-26280.patch
Patch6005: backport-CVE-2022-36227.patch Patch6005: backport-CVE-2022-36227.patch
Patch6006: backport-CVE-2024-20696.patch Patch6006: backport-CVE-2024-20696.patch
Patch6007: backport-CVE-2025-25724.patch
Patch9000: libarchive-uninitialized-value.patch Patch9000: libarchive-uninitialized-value.patch
@ -194,6 +195,12 @@ run_testsuite
%{_bindir}/bsdcat %{_bindir}/bsdcat
%changelog %changelog
* Tue Mar 11 2025 lingsheng <lingsheng1@h-partners.com> - 3.5.2-8
- Type:CVE
- ID:CVE-2025-25724
- SUG:NA
- DESC:fix CVE-2025-25724
* Thu Jun 06 2024 lingsheng <lingsheng1@h-partners.com> - 3.5.2-7 * Thu Jun 06 2024 lingsheng <lingsheng1@h-partners.com> - 3.5.2-7
- Type:CVE - Type:CVE
- ID:CVE-2024-20696 - ID:CVE-2024-20696