touch-packages team mailing list archive

Thread
Date

[Bug 1487020] Re: BSD Tar is allocating gigabytes to list files

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
Date: Mon, 31 Aug 2015 15:15:17 -0000
Reply-to: Bug 1487020 <1487020@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Thanks Gustavo - I don't see how an attacker could leverage this since
it is seemingly harmless. I think we should treat it as a normal bug so
I'm making this report public.

** Information type changed from Private Security to Public

** Changed in: libarchive (Ubuntu)
       Status: Incomplete => Confirmed

** Changed in: libarchive (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to libarchive in Ubuntu.
https://bugs.launchpad.net/bugs/1487020

Title:
  BSD Tar is allocating gigabytes to list files

Status in libarchive package in Ubuntu:
  Confirmed

Bug description:
  Hello!

  Our fuzzer found an interesting test case in which BSD tar allocates a few gigabytes just to show the filenames of a tar file. You can run check it using: ltrace -e malloc /usr/bin/bsdtar -tf buggy.bsd-out-of-memory.tar
  In the ltrace output you can easily spot:

  ....
  libarchive.so.13->malloc(5609768313)
  ....

  We checked in the source code and we think it is not possible to
  perfom an integer overflow (but of course we are not completely sure).
  We email you this test case privately because of the possible security
  implications of it. This issue seems to be fixed in the last revisions
  of libarchive.

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1487020/+subscriptions