From b531801d6f49d64a126720e6004aae7c800764b2 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@fb.com>
Date: Sat, 7 Apr 2018 08:41:46 -0700
Subject: --one-top-level: avoid a heap-buffer-overflow

* NEWS: Mention this.
* src/suffix.c (strip_compression_suffix): Fix string comparison guard.
Without this change, some ASAN-enabled test runs would fail with the
following.  Also, strip an additional .tar suffix only if the just-
stripped suffix did not match /^\.t/".

==30815==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000002ed at pc 0x00000049d1f4 bp 0x7ffeb5906d50 sp 0x7ffeb5906500
READ of size 1 at 0x6020000002ed thread T0
SCARINESS: 12 (1-byte-read-heap-buffer-overflow)
    #0 0x49d1f3 in __interceptor_strncmp /j/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:407
    #1 0x5670f3 in strip_compression_suffix /j/tar/src/suffix.c:107
    #2 0x575788 in decode_options /j/tar/src/tar.c:2545
    #3 0x5760c0 in main /j/tar/src/tar.c:2708
    #4 0x7f105090df29 in __libc_start_main ../csu/libc-start.c:308
    #5 0x408629 in _start (/j/tar/src/tar+0x408629)

0x6020000002ed is located 3 bytes to the left of 6-byte region [0x6020000002f0,0x6020000002f6)
allocated by thread T0 here:
    #0 0x4d0710 in __interceptor_malloc /j/gcc/libsanitizer/asan/asan_malloc_linux.cc:86
    #1 0x4908ad in __interceptor_strndup /j/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:326
    #2 0x5cbcbd in xstrndup /j/tar/gnu/xstrndup.c:32
    #3 0x5a325b in base_name /j/tar/gnu/basename.c:57
    #4 0x575772 in decode_options /j/tar/src/tar.c:2544
    #5 0x5760c0 in main /j/tar/src/tar.c:2708
    #6 0x7f105090df29 in __libc_start_main ../csu/libc-start.c:308
---
 NEWS | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 998258e8..ee607ed2 100644
--- a/NEWS
+++ b/NEWS
@@ -1,9 +1,12 @@
-GNU tar NEWS - User visible changes. 2018-03-18
+GNU tar NEWS - User visible changes. 2018-04-07
 Please send GNU tar bug reports to <bug-tar@gnu.org>
 
 
 version 1.30.90 (Git)
 
+* Fix heap-buffer-overrun with --one-top-level.
+Bug introduced with the addition of that option in 1.28.
+
 * Support for zstd compression
 
 New option '--zstd' instructs tar to use zstd as compression program.
@@ -53,7 +56,7 @@ causing subsequent link extractions in that directory to fail.
 
 This new warning control option suppresses warning messages about
 unreadable files and directories. It has effect only if used together
-with the --ignore-failed-read option.  
+with the --ignore-failed-read option.
 
 * The --warnings=none option now suppresses all warnings
 
-- 
cgit v1.2.1