A stack overflow when extracting a tar file with a long xattr key

bug-tar

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A stack overflow when extracting a tar file with a long xattr key

From:	Bahaa Naamneh
Subject:	A stack overflow when extracting a tar file with a long xattr key
Date:	Wed, 2 Aug 2023 10:48:38 +0200

A stack overflow exists in GNU Tar up to and including 1.34. This issue occurs at xattr_decoder() in xheader.c. The issue occurs with attempting to read a tar with xattr where the key is a longer string than what alloca() can allocate on the stack.

xattr_decoder() does not check the key size before calling alloca()

Attached to this report is a PoC file "atest1.tar.zip"

atest1.zip
Description: Zip compressed data

[Prev in Thread]

Current Thread

[Next in Thread]

A stack overflow when extracting a tar file with a long xattr key, Bahaa Naamneh <=
- Re: ***UNCHECKED*** A stack overflow when extracting a tar file with a long xattr key, Paul Eggert, 2023/08/02

Prev by Date: Re: --set-mtime-command (was Re: posix atime/ctime changes despite mtime being set)
Next by Date: Re: --set-mtime-command (was Re: posix atime/ctime changes despite mtime being set)
Previous by thread: Fix 'make dist' for the pre-release HEAD
Next by thread: Re: ***UNCHECKED*** A stack overflow when extracting a tar file with a long xattr key
Index(es):
- Date
- Thread