| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
The `size` attribute may contain a negative or too large value. Check
the range of the `entry_bytes_remaining` in `pax_attribute` the same way
as `header_common`. The test which is added passes both with and without
this change in a normal debug build. It is necessary to run with
`-fsanitize=undefined` to see that the undefined behavior is avoided.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48467
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some specially crafted files declare invalid extraction parameters that
can confuse the RAR5 reader.
One of the arguments is the declared window size parameter that the
archive file can declare for each file stored in the archive. Some
crafted files declare window size equal to 0, which is clearly wrong.
This commit adds additional safety checks decreasing the tolerance of
the RAR5 format.
This commit also contains OSSFuzz sample #30459.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RAR5 reader uses several variables to manage the window buffer during
extraction: the buffer itself (`window_buf`), the current size of the
window buffer (`window_size`), and a helper variable (`window_mask`)
that is used to constrain read and write offsets to the window buffer.
Some specially crafted files can force the unpacker to update the
`window_mask` variable to a value that is out of sync with current
buffer size. If the `window_mask` will be bigger than the actual buffer
size, then an invalid access operation can happen (SIGSEGV).
This commit ensures that if the `window_size` and `window_mask` will be
changed, the window buffer will be reallocated to the proper size, so no
invalid memory operation should be possible.
This commit contains a test file from OSSFuzz #30442.
|
| |
|
|
|
|
|
|
|
|
| |
Added more range checks in the bit stream reading functions
(read_bits_16 and read_bits_32) in order to better guard against out of
memory reads.
This commit contains a test with OSSFuzz sample #30448.
|
|\
| |
| | |
support rar filters (without VM filter support)
|
| | |
|
|\ \
| | |
| | | |
Instrument gcc/clang to discard unused code during link
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Analogue to the parent cmake commit, with linker flag detection.
The former two split the functions and data into separate sections
within the object file. Which makes it easier for the latter to properly
garbage collect and discard unused sections.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
|
|/ /
| |
| |
| |
| | |
Add missing test_read_format_rar5_sfx.exe.uu
Be more verbose on failure
|
| |
| |
| |
| | |
Add some basic tests for operations on concatenated archives.
|
|\ \
| |/
|/| |
Zip entry size unset now honors user requested compression level
|
| | |
|
|/
|
|
| |
Based on test_compat_tar_hardlink.c and with input by Tim Kientzle.
|
|
|
|
|
|
|
| |
Use lchmod() instead of chmod() and tell the remaining functions that the
real file to be modified is a symbolic link.
Fixes #1566
|
|\
| |
| | |
On close, handle short writes from archive_write_callback
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The archive_write_callback passed to archive_write_open() is documented as:
"each call to the write callback function should translate to a single write(2) system call.
On success, the write callback should return the number of bytes actually written"
And in most places, the code repeatedly calls the write callback, but when flushing
the buffer at close, the write callback was called once, assuming it would write everything.
This could result in a truncated archive.
A test is added to test short writes in different code paths.
|
|\ \
| |/
|/| |
Added support of deflate algorithm in symbolic link decompression for zip archives
|
| |
| |
| |
| | |
archives
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
|
|
|
| |
Fixes #1258
|
| |
|
|
|
|
|
| |
Add test for PR #1348
Rename test_read_pax_schily_xattr to test_read_pax_xattr_schily
|
|
|
|
| |
Testcase for issue #1257 (PR #1297)
|
|
|
|
| |
Fixes #987
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
One of the fields in RAR5's base block structure is the size of the
header. Some invalid files declare a 0 header size setting, which can
confuse the unpacker. Minimum header size for RAR5 base blocks is 7
bytes (4 bytes for CRC, and 3 bytes for the rest), so block size of 0
bytes should be rejected at header parsing stage.
The fix adds an error condition if header size of 0 bytes is detected.
In this case, the unpacker will not attempt to unpack the file, as the
header is corrupted.
The commit also adds OSSFuzz #20459 sample to test further regressions
in this area.
|
|
|
|
| |
Closes #1320
|
| |
|
|
|
|
| |
Fixes #1295
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RAR5 archives can contain files that span across multiple .rar files. If the
archive contains a big file that doesn't fit to first .rar file, then this file
is continued in another .rar file.
In this case, the RAR compressor first emits the FILE base block for this big
file in the first .rar file. Then, it finishes first .rar file, and creates the
new .rar file. In this new file, it emits the continuation FILE block that
marks start of the continuation data for the rest of the huge file.
The problem was that the RAR5 reader didn't ignore the window size declaration
when parsing through the continuation FILE base block. The malicious file could
declare a different window size inside the continuation base block than was
declared in the primary FILE base block in the previous volume. The window size
from continuation block was applied, but the actual window buffer was not
reallocated. This resulted in a potential SIGSEGV error, since bounary checks
for accessing the window buffer were working incorrectly (the window size
variable didn't match the actual window buffer size).
The commit fixes the issue by ignoring the window size declaration in the
continuation FILE base block when switching volumes.
The commit also contains a test case and OSSFuzz sample #19509.
|
|
|
|
|
|
|
| |
This allows us to control whether "SCHILY.xattr", "LIBARCHIVE.xattr" or
both headers (default) are written when storing extended attributes.
Document "hdrcharset" option for pax.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RAR5 archives can contain files compressed independently of each other,
and files that share a common window buffer, so files which are
compressed using 'solid' method. In the latter case, all files
are required to use the same window buffer, so window size should also
be the same.
OSSFuzz sample #15482 declares a different window size for multiple
solid files. RAR5 reader doesn't reallocate window buffer when
decompressing solid files, so it was possible to perform an
out-of-bounds read by declaring two solid files, where the second solid
file declared the window size parameter that was bigger than window size
used in first solid file.
This commit introduces additional checks to ensure all solid files are
using the same window size.
The commit also adds a test case using OSSFuzz sample #15482 to hunt
down regressions in the future.
Some other test cases had to be adjusted as well, because other OSSFuzz
samples were also declaring different window sizes for solid files. So
this commit has changed the error reporting for those invalid sample files.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
RAR5 uses filters in order to mutate data just before compression, to
achieve a better compression ratio. After decompression, this mutation
needs to be reversed by processing various filters that the compressor
uses.
One of such filters is an ARM executable file filter, which changes some
bytes in the input stream if the stream is recognized as an executable
file with ARM native code.
This commit fixes the situation when the decompressor using an ARM filter
was referencing a byte outside current window buffer. Such action is
invalid and can produce segmentation faults.
This commit also adds a test using OSSFuzz sample #15431.
|
| |
|
|
|
|
|
|
|
|
| |
If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed
to continue with next archive headers. In addition to
rar->start_new_table=1 we need to set rar->ppmd_valid=0.
Reported by: OSS-Fuzz issue 15120
|
|\
| |
| | |
Issue #1055: Ignore padding in Zip extra field data
|
| |\ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
PKWare's APPNOTE.TXT simply documents the extra field
as a concatenation of <header><data> objects. It does
not explicitly allow nor prohibit additional padding.
Libarchive originally treated any extraneous data in the
extra field as an indication of corruption and issued an
error.
However, some Zip writers do appear to include additional zero
bytes in the extra field and expect them to be ignored.
This works if:
* We consider a field type of 0000 to be a padding field.
* In particular, 0000 0000 is then a valid field with type zero
and zero bytes of data.
* If there are fewer than 4 bytes left at the end of the extra
data (too few to be a valid extra field object), ignore it.
With the above conventions, zero padding can occur anywhere in
the extra field as long as the padding occurs in a multiple of
four bytes. Any number of bytes can occur at the end: groups
of four bytes will be skipped as valid empty fields; any final
group of less than four bytes will be simply ignored.
The test exercises all of the above options; the extra field data for
the file in this archive has:
* Four zero bytes at the beginning
* A valid UX field
* A pad field of type zero with a non-zero length
* An additional three final bytes
By verifying that the UX data was read correctly and that there
were no errors, we can be confident that all of the padding here
was handled correctly.
|
| | |
| | |
| | |
| | | |
Fixes #1062
|
| | |
| | |
| | |
| | | |
Entry was missing in PR #1199
|
| | | |
|
| | | |
|
| |/
|/|
| |
| |
| | |
The zip specification supports storing path names in UTF-8 encoding
via the Info-ZIP Unicode Path Extra Field (0x7075).
|
| |
| |
| |
| | |
Add missing test archives to Makefile.am
|