author | Pavel Raiskup <praiskup@redhat.com> | 2018-11-23 14:08:48 +0100 |
---|---|---|
committer | Pavel Raiskup <praiskup@redhat.com> | 2018-11-23 14:27:35 +0100 |
commit | d71b157c2f048f6c88bf9474743faabdc56f6015 (patch) | |
tree | 27c57799907c1baeb5f023a057e93c630e4ff8db /tar/write.c | |
parent | c114bb9fb585e7d74158afa7afbe8c44922479de (diff) | |
download | libarchive-d71b157c2f048f6c88bf9474743faabdc56f6015.tar.gz |
Fix use-after-free in delayed link processing (newc format)
During archiving, if some of the "delayed" hard link entries
happened to disappear on filesystem (or become unreadable) for
some reason (most probably race), the old code free()d the 'entry'
and continued with the loop; the next loop though dereferenced
'entry' and crashed the archiver.
Per report from Coverity.
Diffstat (limited to 'tar/write.c')
-rw-r--r-- | tar/write.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/tar/write.c b/tar/write.c index e15cc06c..c6e9fccc 100644 --- a/tar/write.c +++ b/tar/write.c @@ -540,8 +540,7 @@ write_archive(struct archive *a, struct bsdtar *bsdtar) lafe_warnc(archive_errno(disk), "%s", archive_error_string(disk)); bsdtar->return_value = 1; - archive_entry_free(entry); - continue; + goto next_entry; } /* @@ -559,13 +558,13 @@ write_archive(struct archive *a, struct bsdtar *bsdtar) bsdtar->return_value = 1; else archive_read_close(disk); - archive_entry_free(entry); - continue; + goto next_entry; } write_file(bsdtar, a, entry); - archive_entry_free(entry); archive_read_close(disk); +next_entry: + archive_entry_free(entry); entry = NULL; archive_entry_linkify(bsdtar->resolver, &entry, &sparse_entry); } |
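Review bot: In the first hunk (@@ -540), the new `goto next_entry;` lands on a label that sits after `archive_read_close(disk)`, so this error path never closes `disk`, while the error path in the second hunk does call `archive_read_close(disk)` in its `else` branch. Please confirm that `disk` holds nothing open when this branch is taken and state that in a one-line comment above the `goto`; if it can be open here, this path needs its own close before the jump.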
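Review bot: The `next_entry:` label in the second hunk (@@ -559) has no comment explaining why `continue` must not be used in this loop. The loop tail `entry = NULL;` followed by `archive_entry_linkify(bsdtar->resolver, &entry, &sparse_entry);` has to run after every `archive_entry_free(entry)`, otherwise the next iteration works on the freed pointer. A short comment at the label saying so would keep a later cleanup from turning the gotos back into `continue`. The success path also now frees `entry` after `archive_read_close(disk)` instead of before it; worth a word in the commit message that this reordering is intentional.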