From 3f0dbb8f4edffefc89f54d9b6872cc2d5112d85e Mon Sep 17 00:00:00 2001
From: shixuantong <1726671442@qq.com>
Date: Mon, 20 Jun 2022 11:50:13 +0800
Subject: [PATCH] fix memory leak and ensure that sz is greater than 0.

---
 libtar.spec                                   |   9 +-
 ...ler-Ensure-that-sz-is-greater-than-0.patch |  40 ++++++
 openEuler-fix-memory-leak.patch               | 119 ++++++++++++++++++
 3 files changed, 167 insertions(+), 1 deletion(-)
 create mode 100644 openEuler-Ensure-that-sz-is-greater-than-0.patch
 create mode 100644 openEuler-fix-memory-leak.patch

diff --git a/libtar.spec b/libtar.spec
index b3ed3d3..995c9c0 100644
--- a/libtar.spec
+++ b/libtar.spec
@@ -1,6 +1,6 @@
 Name:           libtar
 Version:        1.2.20
-Release:        19
+Release:        20
 Summary:        Library for manipulating tar files from within C programs.
 License:        BSD
 URL:            http://repo.or.cz/libtar.git
@@ -12,6 +12,10 @@ Patch2:         libtar-1.2.20-fix-resource-leaks.patch
 Patch3:         libtar-1.2.11-bz729009.patch
 Patch4:         libtar-1.2.20-no-static-buffer.patch
 Patch5:         CVE-2013-4420.patch
+
+Patch9000:      openEuler-Ensure-that-sz-is-greater-than-0.patch
+Patch9001:      openEuler-fix-memory-leak.patch
+
 BuildRequires:  libtool git 
 
 %description
@@ -69,6 +73,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_mandir}/man3/*.3*
 
 %changelog
+* Mon Jun 20 2022 shixuantong <shixuantong@h-partners.com> - 1.2.20-20
+- fix memory leak and ensure that sz is greater than 0.
+
 * Tue Jul 27 2021 yuanxin <yuanxin24@huawei.com> - 1.2.20-19
 - remove BuildRequires gdb
 
diff --git a/openEuler-Ensure-that-sz-is-greater-than-0.patch b/openEuler-Ensure-that-sz-is-greater-than-0.patch
new file mode 100644
index 0000000..b0b285f
--- /dev/null
+++ b/openEuler-Ensure-that-sz-is-greater-than-0.patch
@@ -0,0 +1,40 @@
+From 6bacfdcb84a4b80c7c026e926b7e1f84d6eed26d Mon Sep 17 00:00:00 2001
+From: shixuantong <1726671442@qq.com>
+Date: Wed, 6 Apr 2022 17:40:57 +0800
+Subject: [PATCH] Ensure that sz is greater than 0.
+
+---
+ lib/block.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/lib/block.c b/lib/block.c
+index 092bc28..80b41ac 100644
+--- a/lib/block.c
++++ b/lib/block.c
+@@ -118,6 +118,11 @@ th_read(TAR *t)
+ 	if (TH_ISLONGLINK(t))
+ 	{
+ 		sz = th_get_size(t);
++		if ((int)sz <= 0)
++		{
++			errno = EINVAL;
++			return -1;
++		}
+ 		blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
+ 		if (blocks > ((size_t)-1 / T_BLOCKSIZE))
+ 		{
+@@ -168,6 +173,11 @@ th_read(TAR *t)
+ 	if (TH_ISLONGNAME(t))
+ 	{
+ 		sz = th_get_size(t);
++		if ((int)sz <= 0)
++		{
++			errno = EINVAL;
++			return -1;
++		}
+ 		blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0);
+ 		if (blocks > ((size_t)-1 / T_BLOCKSIZE))
+ 		{
+-- 
+1.8.3.1
+
diff --git a/openEuler-fix-memory-leak.patch b/openEuler-fix-memory-leak.patch
new file mode 100644
index 0000000..9110901
--- /dev/null
+++ b/openEuler-fix-memory-leak.patch
@@ -0,0 +1,119 @@
+From 8ba8e71a2b86d08ddd3478a4797170f95766c2af Mon Sep 17 00:00:00 2001
+From: shixuantong <shixuantong@h-partners.com>
+Date: Sat, 7 May 2022 17:04:46 +0800
+Subject: [PATCH] fix memory leak
+
+---
+ lib/libtar.h    |  1 +
+ lib/util.c      |  9 ++++++++-
+ lib/wrapper.c   | 11 +++++++++++
+ libtar/libtar.c |  3 +++
+ 4 files changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/lib/libtar.h b/lib/libtar.h
+index 08a8e0f..8b00e93 100644
+--- a/lib/libtar.h
++++ b/lib/libtar.h
+@@ -285,6 +285,7 @@ int oct_to_int(char *oct);
+ /* integer to string-octal conversion, no NULL */
+ void int_to_oct_nonull(int num, char *oct, size_t octlen);
+ 
++void free_longlink_longname(struct tar_header th_buf);
+ 
+ /***** wrapper.c **********************************************************/
+ 
+diff --git a/lib/util.c b/lib/util.c
+index 11438ef..8a42e62 100644
+--- a/lib/util.c
++++ b/lib/util.c
+@@ -15,6 +15,7 @@
+ #include <stdio.h>
+ #include <sys/param.h>
+ #include <errno.h>
++#include <stdlib.h>
+ 
+ #ifdef STDC_HEADERS
+ # include <string.h>
+@@ -160,4 +161,10 @@ int_to_oct_nonull(int num, char *oct, size_t octlen)
+ 	oct[octlen - 1] = ' ';
+ }
+ 
+-
++void free_longlink_longname(struct tar_header th_buf)
++{
++	if (th_buf.gnu_longname != NULL)
++		free(th_buf.gnu_longname);
++	if (th_buf.gnu_longlink !=NULL)
++		free(th_buf.gnu_longlink);
++}
+diff --git a/lib/wrapper.c b/lib/wrapper.c
+index 44cc435..df6d617 100644
+--- a/lib/wrapper.c
++++ b/lib/wrapper.c
+@@ -36,7 +36,10 @@ tar_extract_glob(TAR *t, char *globname, char *prefix)
+ 		if (fnmatch(globname, filename, FNM_PATHNAME | FNM_PERIOD))
+ 		{
+ 			if (TH_ISREG(t) && tar_skip_regfile(t))
++			{
++				free_longlink_longname(t->th_buf);
+ 				return -1;
++			}
+ 			continue;
+ 		}
+ 		if (t->options & TAR_VERBOSE)
+@@ -46,9 +49,13 @@ tar_extract_glob(TAR *t, char *globname, char *prefix)
+ 		else
+ 			strlcpy(buf, filename, sizeof(buf));
+ 		if (tar_extract_file(t, buf) != 0)
++		{
++			free_longlink_longname(t->th_buf);
+ 			return -1;
++		}
+ 	}
+ 
++	free_longlink_longname(t->th_buf);
+ 	return (i == 1 ? 0 : -1);
+ }
+ 
+@@ -82,9 +89,13 @@ tar_extract_all(TAR *t, char *prefix)
+ 		       "\"%s\")\n", buf);
+ #endif
+ 		if (tar_extract_file(t, buf) != 0)
++		{
++			free_longlink_longname(t->th_buf);
+ 			return -1;
++		}
+ 	}
+ 
++	free_longlink_longname(t->th_buf);
+ 	return (i == 1 ? 0 : -1);
+ }
+ 
+diff --git a/libtar/libtar.c b/libtar/libtar.c
+index 23f8741..7e7354f 100644
+--- a/libtar/libtar.c
++++ b/libtar/libtar.c
+@@ -196,6 +196,7 @@ list(char *tarfile)
+ 		{
+ 			fprintf(stderr, "tar_skip_regfile(): %s\n",
+ 				strerror(errno));
++			free_longlink_longname(t->th_buf);
+ 			return -1;
+ 		}
+ 	}
+@@ -217,10 +218,12 @@ list(char *tarfile)
+ 
+ 	if (tar_close(t) != 0)
+ 	{
++		free_longlink_longname(t->th_buf);
+ 		fprintf(stderr, "tar_close(): %s\n", strerror(errno));
+ 		return -1;
+ 	}
+ 
++	free_longlink_longname(t->th_buf);
+ 	return 0;
+ }
+ 
+-- 
+1.8.3.1
+