A stack overflow when extracting a tar file with a long xattr key
From: Bahaa Naamneh
Subject: A stack overflow when extracting a tar file with a long xattr key
Date: Wed, 2 Aug 2023 10:48:38 +0200
A stack overflow exists in GNU Tar up to and including 1.34. This issue occurs in xattr_decoder() in xheader.c. The issue occurs when attempting to read a tar file with an xattr where the key is a longer string than what alloca() can allocate on the stack.
xattr_decoder() does not check the key size before calling alloca().
Attached to this report is a PoC file "atest1.tar.zip".
atest1.zip
Description: Zip compressed data
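
The missing check described in the report, shown as an added example that is not part of the original message and is not GNU tar's code: a parser for one pax extended header record (`LEN KEYWORD=VALUE\n`) that bounds the xattr key length and copies it to the heap instead of calling alloca(). The function name `xattr_key_from_record` and the cap `MAX_XATTR_KEY` are assumptions of this sketch, and percent-decoding of the key is left out.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define XATTR_PREFIX  "SCHILY.xattr."
#define MAX_XATTR_KEY 255   /* assumed cap for this sketch, not a GNU tar constant */

/* Parse one pax record "LEN KEYWORD=VALUE\n" held in rec[0..rec_len).
   On success returns a heap copy of the xattr name (caller frees) and
   stores the value span; returns NULL with errno set on any violation. */
static char *xattr_key_from_record(const char *rec, size_t rec_len,
                                   const char **val, size_t *val_len)
{
    const char *sp = memchr(rec, ' ', rec_len);
    if (!sp || sp == rec || sp - rec > 9) { errno = EINVAL; return NULL; }

    size_t declared = 0;
    for (const char *p = rec; p < sp; p++) {
        if (*p < '0' || *p > '9') { errno = EINVAL; return NULL; }
        declared = declared * 10 + (size_t)(*p - '0');
    }
    /* The declared length covers the whole record, newline included. */
    if (declared != rec_len || rec[rec_len - 1] != '\n') { errno = EINVAL; return NULL; }

    const char *kw = sp + 1;
    const char *end = rec + rec_len - 1;          /* points at '\n' */
    const char *eq = memchr(kw, '=', (size_t)(end - kw));
    if (!eq) { errno = EINVAL; return NULL; }

    size_t plen = strlen(XATTR_PREFIX);
    size_t klen = (size_t)(eq - kw);
    if (klen <= plen || memcmp(kw, XATTR_PREFIX, plen) != 0) { errno = EINVAL; return NULL; }
    klen -= plen;
    /* The check the report says is missing: bound the key before copying. */
    if (klen > MAX_XATTR_KEY) { errno = ENAMETOOLONG; return NULL; }

    char *key = malloc(klen + 1);                 /* heap, not alloca() */
    if (!key) return NULL;
    memcpy(key, kw + plen, klen);
    key[klen] = '\0';
    *val = eq + 1;
    *val_len = (size_t)(end - (eq + 1));
    return key;
}
```

With a heap allocation, an oversized request fails with a NULL return that the caller can handle, whereas alloca() has no failure path and simply moves the stack pointer past the end of the stack.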