[Buildroot] [PATCH 1/1] package/libarchive: fix CVE-2022-36227

Fabrice Fontaine fontaine.fabrice at gmail.com
Fri Dec 2 21:59:05 UTC 2022


In libarchive 3.6.1, the software does not check for an error after
calling calloc function that can return with a NULL pointer if the
function fails, which leads to a resultant NULL pointer dereference.
NOTE: the discoverer cites this CWE-476 remark but third parties dispute
the code-execution impact: "In rare circumstances, when NULL is
equivalent to the 0x0 memory address and privileged code can access it,
then writing or reading memory is possible, which may lead to code
execution."

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
 ...chive-Handle-a-calloc-returning-NULL.patch | 38 +++++++++++++++++++
 package/libarchive/libarchive.mk              |  3 ++
 2 files changed, 41 insertions(+)
 create mode 100644 package/libarchive/0001-libarchive-Handle-a-calloc-returning-NULL.patch

diff --git a/package/libarchive/0001-libarchive-Handle-a-calloc-returning-NULL.patch b/package/libarchive/0001-libarchive-Handle-a-calloc-returning-NULL.patch
new file mode 100644
index 0000000000..75ce6112fe
--- /dev/null
+++ b/package/libarchive/0001-libarchive-Handle-a-calloc-returning-NULL.patch
@@ -0,0 +1,38 @@
+From bff38efe8c110469c5080d387bec62a6ca15b1a5 Mon Sep 17 00:00:00 2001
+From: obiwac <obiwac at gmail.com>
+Date: Fri, 22 Jul 2022 22:41:10 +0200
+Subject: [PATCH] libarchive: Handle a `calloc` returning NULL (fixes #1754)
+
+[Retrieved from:
+https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
+---
+ libarchive/archive_write.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
+index 66592e826..27626b541 100644
+--- a/libarchive/archive_write.c
++++ b/libarchive/archive_write.c
+@@ -201,6 +201,10 @@ __archive_write_allocate_filter(struct archive *_a)
+ 	struct archive_write_filter *f;
+ 
+ 	f = calloc(1, sizeof(*f));
++
++	if (f == NULL)
++		return (NULL);
++
+ 	f->archive = _a;
+ 	f->state = ARCHIVE_WRITE_FILTER_STATE_NEW;
+ 	if (a->filter_first == NULL)
+@@ -548,6 +552,10 @@ archive_write_open2(struct archive *_a, void *client_data,
+ 	a->client_data = client_data;
+ 
+ 	client_filter = __archive_write_allocate_filter(_a);
++
++	if (client_filter == NULL)
++		return (ARCHIVE_FATAL);
++
+ 	client_filter->open = archive_write_client_open;
+ 	client_filter->write = archive_write_client_write;
+ 	client_filter->close = archive_write_client_close;
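Review bot: The added `return (ARCHIVE_FATAL);` in archive_write_open2 reports the allocation failure without recording an error on the archive, so a caller that inspects the archive's error string or errno after the failure has nothing to go on. Setting the error first, for example `archive_set_error(&a->archive, ENOMEM, "Can't allocate memory for the client filter");`, would make the out-of-memory path diagnosable. Separately, __archive_write_allocate_filter can now return NULL, but this patch updates only the archive_write_open2 call site. Any other callers, which are not visible here, presumably still dereference the result and should get the same `if (f == NULL)` check before the CVE is treated as fully covered. Both function bodies continue outside the quoted hunks, so the cleanup state on the early return cannot be confirmed from this page.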
diff --git a/package/libarchive/libarchive.mk b/package/libarchive/libarchive.mk
index 865f605e2f..649b7dd4dc 100644
--- a/package/libarchive/libarchive.mk
+++ b/package/libarchive/libarchive.mk
@@ -12,6 +12,9 @@ LIBARCHIVE_LICENSE = BSD-2-Clause, BSD-3-Clause, CC0-1.0, OpenSSL, Apache-2.0
 LIBARCHIVE_LICENSE_FILES = COPYING
 LIBARCHIVE_CPE_ID_VENDOR = libarchive
 
+# 0001-libarchive-Handle-a-calloc-returning-NULL.patch
+LIBARCHIVE_IGNORE_CVES += CVE-2022-36227
+
 ifeq ($(BR2_PACKAGE_LIBARCHIVE_BSDTAR),y)
 ifeq ($(BR2_STATIC_LIBS),y)
 LIBARCHIVE_CONF_OPTS += --enable-bsdtar=static
-- 
2.35.1



