Fix use-after-free in delayed link processing (newc format)

During archiving, if some of the "delayed" hard link entries happened to disappear on filesystem (or become unreadable) for some reason (most probably race), the old code free()d the 'entry' and continued with the loop; the next loop though dereferenced 'entry' and crashed the archiver. Per report from Coverity.
author: Pavel Raiskup <praiskup@redhat.com> 2018-11-23 14:08:48 +0100
committer: Pavel Raiskup <praiskup@redhat.com> 2018-11-23 14:27:35 +0100
commit: d71b157c2f048f6c88bf9474743faabdc56f6015 (patch)
tree: 27c57799907c1baeb5f023a057e93c630e4ff8db
parent: c114bb9fb585e7d74158afa7afbe8c44922479de (diff)
download: libarchive-d71b157c2f048f6c88bf9474743faabdc56f6015.tar.gz
1 files changed, 4 insertions, 5 deletions
diff --git a/tar/write.c b/tar/write.c
index e15cc06c..c6e9fccc 100644
--- a/tar/write.c
+++ b/tar/write.c
@@ -540,8 +540,7 @@ write_archive(struct archive *a, struct bsdtar *bsdtar)
 			lafe_warnc(archive_errno(disk),
 			    "%s", archive_error_string(disk));
 			bsdtar->return_value = 1;
-			archive_entry_free(entry);
-			continue;
+			goto next_entry;
 		}
 
 		/*
@@ -559,13 +558,13 @@ write_archive(struct archive *a, struct bsdtar *bsdtar)
 				bsdtar->return_value = 1;
 			else
 				archive_read_close(disk);
-			archive_entry_free(entry);
-			continue;
+			goto next_entry;
 		}
 
 		write_file(bsdtar, a, entry);
-		archive_entry_free(entry);
 		archive_read_close(disk);
+next_entry:
+		archive_entry_free(entry);
 		entry = NULL;
 		archive_entry_linkify(bsdtar->resolver, &entry, &sparse_entry);
 	}
author	Pavel Raiskup <praiskup@redhat.com>	2018-11-23 14:08:48 +0100
committer	Pavel Raiskup <praiskup@redhat.com>	2018-11-23 14:27:35 +0100
commit	d71b157c2f048f6c88bf9474743faabdc56f6015 (patch)
tree	27c57799907c1baeb5f023a057e93c630e4ff8db
parent	c114bb9fb585e7d74158afa7afbe8c44922479de (diff)
download	libarchive-d71b157c2f048f6c88bf9474743faabdc56f6015.tar.gz