8000 Fatal if field[0].start is null by AZero13 · Pull Request #2612 · libarchive/libarchive · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Fatal if field[0].start is null #2612

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 20, 2025
Merged

Fatal if field[0].start is null #2612

merged 1 commit into from
May 20, 2025

Conversation

AZero13
Copy link
Contributor
@AZero13 AZero13 commented May 17, 2025

We should not get here, but given that the check exists, we should not let it happen if this is NULL because otherwise we just dereference it later on.

@AZero13 AZero13 force-pushed the okay-what branch 2 times, most recently from 7eb3a0a to e485de7 Compare May 17, 2025 23:40
@kientzle
Copy link
Contributor

This looks reasonable, but shouldn't we make the same change in archive_acl_from_text_nl down around line 1679?

@mmatuska
Copy link
Member

Here is actually more to do - next_field_w() should get the same length protection as next_field(), otherwise you may end in out of bounds reads or an infinite loop. So archive_acl_from_text_w shoud wrap in a new archive_acl_from_text_wl().

Does an malformed ACL entry mean we completely bail out or do we just skip it?

@AZero13
Fatal if field[0].start or field[0].end is null
bde1c16 
We should not get here, but given that the check exists, we should not let it happen if this is NULL because otherwise we just dereference it later on.
@kientzle kientzle merged commit 352b710 into libarchive:master May 20, 2025
20 checks passed
@AZero13
Copy link
Contributor Author
AZero13 commented May 20, 2025

Here is actually more to do - next_field_w() should get the same length protection as next_field(), otherwise you may end in out of bounds reads or an infinite loop. So archive_acl_from_text_w shoud wrap in a new archive_acl_from_text_wl().

Does an malformed ACL entry mean we completely bail out or do we just skip it?

I don't know what to do here in this case.

I just think we should protect from this. Was wondering if I had to do anything else but yeah this seems fine for now. Wondering what else we should do in this area.

@AZero13 AZero13 deleted the okay-what branch May 20, 2025 03:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kientzle kientzle kientzle approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AZero13 @kientzle @mmatuska
0