RepoMirrors
/
abuild
mirror of https://gitlab.alpinelinux.org/alpine/abuild.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Alpine build tools
1,511 Commits 4 Branches 175 Tags 21 MiB
Shell 64.7%
Perl 19%
C 9.9%
Ruby 4.2%
Makefile 2.2%
Go to file
Samanta Navarro f8208aded0 abuild-tar: do not read past corrupt tar header 
The abuild-tar binary can read past the end of an invalid tar header if
the contained link name does not end with a terminating NUL character.
In this case it reads past the end of hdr.linkname and maybe even past
the end of the header if no further NUL bytes are contained.

The strnlen function is used in apk-tools for such cases as well, so I
recommend to use it here too.

How to reproduce (compile abuild-tar with -fsanitize=address):

cat > poc.tar.b64 << EOF
b3dvAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwMDAwMDAAMDAwMDAw
MAAwMDAwMDAwADAwMDAwMDAwMDAwADAwMDAwMDAwMDAwADAwMDAwMAAAMm93b29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb28=
EOF
base64 -d < poc.tar.b64 | abuild-tar --hash
 		2022-11-30 13:16:19 +00:00
tests abuild-tar: add test for --hash 2022-11-30 13:02:18 +01:00
.editorconfig .editorconfig: add Makefile rules 2020-03-23 13:16:01 +00:00
.gitattributes gitlab: highlight abuild.in as shell 2022-05-03 12:42:36 +02:00
.gitignore tests: pre-generate abuild keys 2022-11-29 09:08:14 +00:00
.gitlab-ci.yml ci: add job to run tests 2021-10-07 17:24:10 +02:00
APKBUILD.5.scd Convert man pages to scdoc 2021-10-11 18:31:29 +00:00
COPYING add license GPL-2.0-only WITH OpenSSL-Exception 2020-10-23 11:30:25 -03:00
Makefile ==== release 3.10.0 ==== 2022-11-29 10:37:08 +01:00
abuild-fetch.c abuild: fix typos 2021-09-21 09:15:34 +00:00
abuild-gzsplit.c abuild: avoid calculations with void pointers 2021-10-11 18:34:27 +00:00
abuild-keygen.in abuild-keygen: use doas instead of sudo 2022-06-22 16:41:51 +02:00
abuild-rmtemp.c *: say we are using GPL-2.0-only 2020-10-23 11:39:18 -03:00
abuild-sign.in abuild-sign: fix --installed to detect missing keys 2022-06-22 16:13:07 +02:00
abuild-sudo.c abuild: avoid calculations with void pointers 2021-10-11 18:34:27 +00:00
abuild-tar.c abuild-tar: do not read past corrupt tar header 2022-11-30 13:16:19 +00:00
abuild.conf abuild.conf: set release profile optimisations for cargo 2022-07-26 15:04:00 +00:00
abuild.in abuild: fix amove corner cases 2022-09-23 12:31:56 +02:00
abump.in abump: source APKBUILD in subshell 2022-10-15 11:06:53 +00:00
apkbuild-cpan.in apkbuild-cpan.in: prevent inserting extra new line before checksum on upgrade 2021-06-10 14:31:02 +00:00
apkbuild-gem-resolver.in add .editorconfig and fix code formatting 2016-08-20 16:16:37 +02:00
apkbuild-pypi.in apkbuild-pypi.in: remove empty variables 2021-01-23 20:43:26 +00:00
apkgrel.in apkgrel: pass -- to git with name of file in do_add 2022-06-14 13:41:14 +00:00
bootchartd replace deprecated `...` syntax with $(...) in shell scripts 2016-08-23 00:09:07 +02:00
buildlab.in buildlab: use grep -E instead of egrep 2022-09-12 17:20:47 +02:00
checkapk.in *: say we are using GPL-2.0-only 2020-10-23 11:39:18 -03:00
config.guess Update config.guess, config.sub, to 2020-11-19 2021-01-04 20:28:09 +01:00
config.sub Update config.guess, config.sub, to 2020-11-19 2021-01-04 20:28:09 +01:00
functions.sh.in functions.sh.in: Export original CC, CXX, CPPFLAGS, CXXFLAGS, CFLAGS, LDFLAGS in BUILDCC, BUILDCXX, BUILDLD, BUILDCPPFLAGS, BUILDCXXFLAGS, BUILDCFLAGS, BUILDLDFLAGS Default CC to gcc, CXX to g++, LD to ld 2022-08-30 10:38:38 +02:00
newapkbuild.1.scd Convert man pages to scdoc 2021-10-11 18:31:29 +00:00
newapkbuild.in newapkbuild: make meson test use --print-errorlogs 2022-10-25 09:25:56 +00:00
sample.APKBUILD sample.APKBUILD: use https for sourceforge download links 2018-09-24 21:43:49 +02:00
sample.confd sample: use lowercase in init.d/conf.d sample files 2009-12-30 08:55:33 +00:00
sample.initd sample.initd: modernize 2016-06-13 12:34:05 +00:00
sample.post-install fix typo in sample for pre and post install 2020-02-05 17:27:26 +01:00
sample.pre-install fix typo in sample for pre and post install 2020-02-05 17:27:26 +01:00