[Touch-packages] [Bug 1912091] Re: Memory Leak GNU Tar 1.33

Tue, 15 Mar 2022 15:27:00 -0700 

** Changed in: tar (Ubuntu Bionic)
       Status: New => Fix Released

** Changed in: tar (Ubuntu Focal)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tar in Ubuntu.
https://bugs.launchpad.net/bugs/1912091

Title:
  Memory Leak GNU Tar 1.33

Status in tar package in Ubuntu:
  Fix Released
Status in tar source package in Trusty:
  Fix Released
Status in tar source package in Xenial:
  Fix Released
Status in tar source package in Bionic:
  Fix Released
Status in tar source package in Focal:
  Fix Released

Bug description:
  
  An issue was discovered in GNU Tar 1.33 and earlier. There is a memory leak 
in read_header() in list.c in the tar application. Occastionally, ASAN detects 
an out of bounds memory read. Valgrind confirms the memory leak in the standard 
tar tool installed by default. This degrades the availability of the tar tool, 
and could potentially result in other memory-related issues.

  Common Weakness Enumeration IDs for reference:
  CWE-401: Missing Release of Memory after Effective Lifetime
  CWE-125: Out-of-bounds Read

  Attached to this report is a PoC malcrafted file "1311745-out-
  bounds.tar"

  VALGRIND OUTPUT:
  valgrind tar -xf 1311745-out-bounds.tar 
  ==3776== Memcheck, a memory error detector
  ==3776== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
  ==3776== Using Valgrind-3.16.1 and LibVEX; rerun with -h for copyright info
  ==3776== Command: tar -xf output/1311745-out-bounds.tar
  ==3776== 
  tar: Unexpected EOF in archive
  tar: Exiting with failure status due to previous errors
  ==3776== 
  ==3776== HEAP SUMMARY:
  ==3776==     in use at exit: 1,311,761 bytes in 2 blocks
  ==3776==   total heap usage: 52 allocs, 50 frees, 1,349,212 bytes allocated
  ==3776== 
  ==3776== LEAK SUMMARY:
  ==3776==    definitely lost: 1,311,745 bytes in 1 blocks
  ...

  NOTE: Version 1.30, 1.32, 1.33 were tested and confirmed to be
  vulnerable.

  lsb_release -rd
  Description:  Ubuntu 20.04.1 LTS
  Release:      20.04

  apt-cache policy tar
  tar:
    Installed: 1.30+dfsg-7ubuntu0.20.04.1
    Candidate: 1.30+dfsg-7ubuntu0.20.04.1

  ---
  Carlos

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1912091/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to