backups: fix buffer overflow in tar2qfile
Buffer for directory headers history was too small. This can be exploitable by some attacker capable of controlling backup stream, but it isn't any security problem. We don't assume this part of backup system to be trusted; the attacker can at most prevent user from restoring some data, but will neither gain access to them, nor compromise any other Qubes component. This is equivalent to bug in any other tool used in backup vm (like FTP client) and the Qubes backup system is designed specifically to minimize impact of such bugs.
parent e9eb43e026
commit 7953af970d
@ -756,7 +756,7 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s
|
|||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
fprintf(stderr,"Inserting %s into register\n",path);
|
fprintf(stderr,"Inserting %s into register\n",path);
|
||||||
#endif
|
#endif
|
||||||
dirs_headers_sent = realloc(dirs_headers_sent, sizeof (char*) * n_dirs++);
|
dirs_headers_sent = realloc(dirs_headers_sent, sizeof (char*) * (++n_dirs));
|
||||||
if (dirs_headers_sent == NULL)
|
if (dirs_headers_sent == NULL)
|
||||||
return MEMORY_ALLOC_FAILED;
|
return MEMORY_ALLOC_FAILED;
|
||||||
dirs_headers_sent[n_dirs-1] = malloc(sizeof (char) * (strlen(path)+1));
|
dirs_headers_sent[n_dirs-1] = malloc(sizeof (char) * (strlen(path)+1));
|
||||||
|
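Review bot: On the changed `realloc` line, the result is still assigned straight back to `dirs_headers_sent` and `n_dirs` is incremented inside the size expression, so if `realloc` returns NULL the previous array is leaked and `n_dirs` already counts a slot that was never allocated by the time `MEMORY_ALLOC_FAILED` is returned. Since this code parses an untrusted backup stream, I would take the result into a temporary pointer, check it, and only then store it and bump the counter, which also keeps the size and the `dirs_headers_sent[n_dirs-1]` index visibly in step. The pre-increment itself looks right: it makes the allocation cover `n_dirs` entries, matching the `n_dirs-1` index used on the next line. The hunk ends at the `malloc(sizeof (char) * (strlen(path)+1))` call, so please confirm its result is checked before the new entry is written to.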