[Reproducible-commits] [dpkg] 06/25: libdpkg: Do not leak long tar names on bogus tar archives
Holger Levsen
holger at layer-acht.org
Tue May 3 08:43:53 UTC 2016
This is an automated email from the git hooks/post-receive script.
holger pushed a commit to annotated tag 1.16.16
in repository dpkg.
commit 44a7fca84cb32bb98999546685a5492b02fa6a60
Author: Guillem Jover <guillem at debian.org>
Date: Mon Apr 28 20:48:14 2014 +0200
libdpkg: Do not leak long tar names on bogus tar archives
Cherry picked from commit 055717db09c9b6de7bf3cd9e12fd579d8002e565.
Make sure we free the long names, in case of a bogus or truncated
tar archive with long entries not followed by a normal entry.
Warned-by: coverity
---
debian/changelog | 3 +++
lib/dpkg/tarfn.c | 4 ++++
2 files changed, 7 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 6313a1d..08e2fa6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,8 @@
dpkg (1.16.15+nmu1) UNRELEASED; urgency=low
+ [ Guillem Jover ]
+ * Do not leak long tar names on bogus or truncated archives.
+
[ Updated scripts translations ]
* Fix typos in German (Helge Kreutzmann)
* Swedish (Peter Krefting).
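Review bot: the new changelog line "Do not leak long tar names on bogus or truncated archives." does not say what kind of leak this is, and in a changelog "leak" is easily read as information disclosure. The commit message makes clear that this is about freeing memory, so wording such as "Do not leak memory for long tar names on bogus or truncated archives" would remove the ambiguity for anyone triaging the entry.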
diff --git a/lib/dpkg/tarfn.c b/lib/dpkg/tarfn.c
index 90d5071..5b3b39b 100644
--- a/lib/dpkg/tarfn.c
+++ b/lib/dpkg/tarfn.c
@@ -377,6 +377,10 @@ tar_extractor(void *ctx, const struct tar_operations *ops)
free(symlink_head);
symlink_head = symlink_node;
}
+ /* Make sure we free the long names, in case of a bogus or truncated
+ * tar archive with long entries not followed by a normal entry. */
+ free(next_long_name);
+ free(next_long_link);
if (status > 0) {
/* Indicates broken tarfile: “Read partial header record”. */
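Review bot: the two unconditional free() calls added after the symlink cleanup loop in tar_extractor() are only safe if next_long_name and next_long_link are reset to NULL whenever ownership of the buffer passes to a normal entry earlier in the function, and this hunk does not show that. If they are not reset, the normal path would free the same buffer twice, so please confirm this against the loop body. Setting both pointers to NULL after freeing them here would keep the cleanup safe if code is later added before the status check. A regression test with an archive that ends right after a long-name entry would cover the case the comment describes.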
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git