Bug 985669 - (CVE-2015-8929) VUL-1: CVE-2015-8929: bsdtar,libarchive: minor memory leak in tar parser
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Priority: P4 - Low
Severity: Normal
Assigned To: Adrian Schröter
Security Team bot
https://smash.suse.de/issue/170284/
CVSSv2:SUSE:CVE-2015-8929:4.3:(AV:N/A...
Reported: 2016-06-20 14:03 UTC by Marcus Meissner
Modified: 2019-05-22 01:05 UTC (History)
Found By: Security Response Team
Attachments
d24e79e.patch (2.61 KB, patch)
2016-06-20 14:06 UTC, Marcus Meissner
Description Marcus Meissner 2016-06-20 14:03:36 UTC
CVE-2015-8929

> I also reported a couple of lower severity issues (leaks, hangs,
> undefined behavior issues):

> https://github.com/libarchive/libarchive/issues/517
> Memory leak in TAR parser



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8929
http://seclists.org/oss-sec/2016/q2/566
Comment 1 Marcus Meissner 2016-06-20 14:06:08 UTC
Created attachment 681341
d24e79e.patch

the commit that should fix it
Comment 2 Marcus Meissner 2016-06-20 14:09:33 UTC
QA REPRODUCER:

valgrind --leak-check=full --show-leak-kinds=all bsdtar xf FOO.tar

(FOO.tar can be any tar archive)

(reports lots of FIPS leaks here, but no bsdtar leak :/  )
Comment 3 Swamp Workflow Management 2016-06-20 22:01:06 UTC
bugbot adjusting priority
Comment 4 Andrej Semen 2016-07-18 11:20:42 UTC
Looks like we have an invalid option "--show-leak-kinds=all"


valgrind --leak-check=full --show-leak-kinds=all bsdtar xf test.tar
valgrind: Bad option: --show-leak-kinds=all
valgrind: Use --help for more information or consult the user manual.
Comment 5 Andrej Semen 2016-07-18 11:31:14 UTC
On trying to reproduce, I do not see any difference before and after the update.

before:
-------
sol:/tmp # valgrind --leak-check=full  bsdtar xf test.tar
==6971== Memcheck, a memory error detector
==6971== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==6971== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==6971== Command: bsdtar xf test.tar
==6971== 
==6971== Conditional jump or move depends on uninitialised value(s)
==6971==    at 0x4E4C75D: ??? (in /usr/lib64/libarchive.so.2.5.5)
==6971==    by 0x4E3D151: archive_read_extract2 (in /usr/lib64/libarchive.so.2.5.5)
==6971==    by 0x406D57: ??? (in /usr/bin/bsdtar)
==6971==    by 0x406FF5: ??? (in /usr/bin/bsdtar)
==6971==    by 0x404C43: ??? (in /usr/bin/bsdtar)
==6971==    by 0x58AFC35: (below main) (in /lib64/libc-2.11.3.so)
==6971== 
==6971== 
==6971== HEAP SUMMARY:
==6971==     in use at exit: 46 bytes in 2 blocks
==6971==   total heap usage: 393 allocs, 391 frees, 125,155 bytes allocated
==6971== 
==6971== 46 (40 direct, 6 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 2
==6971==    at 0x4C28F09: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6971==    by 0x404898: ??? (in /usr/bin/bsdtar)
==6971==    by 0x58AFC35: (below main) (in /lib64/libc-2.11.3.so)
==6971== 
==6971== LEAK SUMMARY:
==6971==    definitely lost: 40 bytes in 1 blocks
==6971==    indirectly lost: 6 bytes in 1 blocks
==6971==      possibly lost: 0 bytes in 0 blocks
==6971==    still reachable: 0 bytes in 0 blocks
==6971==         suppressed: 0 bytes in 0 blocks
==6971== 
==6971== For counts of detected and suppressed errors, rerun with: -v
==6971== Use --track-origins=yes to see where uninitialised values come from
==6971== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4)


after:
------
mgr-srv-21-scc-pgl:/tmp # valgrind --leak-check=full  bsdtar xf test.tar
==14791== Memcheck, a memory error detector
==14791== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==14791== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==14791== Command: bsdtar xf test.tar
==14791== 
==14791== Conditional jump or move depends on uninitialised value(s)
==14791==    at 0x4E4D8BD: ??? (in /usr/lib64/libarchive.so.2.5.5)
==14791==    by 0x4E3E231: archive_read_extract2 (in /usr/lib64/libarchive.so.2.5.5)
==14791==    by 0x406D57: ??? (in /usr/bin/bsdtar)
==14791==    by 0x406FF5: ??? (in /usr/bin/bsdtar)
==14791==    by 0x404C43: ??? (in /usr/bin/bsdtar)
==14791==    by 0x58B1C35: (below main) (in /lib64/libc-2.11.3.so)
==14791== 
==14791== 
==14791== HEAP SUMMARY:
==14791==     in use at exit: 46 bytes in 2 blocks
==14791==   total heap usage: 450 allocs, 448 frees, 131,022 bytes allocated
==14791== 
==14791== 46 (40 direct, 6 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 2
==14791==    at 0x4C29F09: malloc (vg_replace_malloc.c:270)
==14791==    by 0x404898: ??? (in /usr/bin/bsdtar)
==14791==    by 0x58B1C35: (below main) (in /lib64/libc-2.11.3.so)
==14791== 
==14791== LEAK SUMMARY:
==14791==    definitely lost: 40 bytes in 1 blocks
==14791==    indirectly lost: 6 bytes in 1 blocks
==14791==      possibly lost: 0 bytes in 0 blocks
==14791==    still reachable: 0 bytes in 0 blocks
==14791==         suppressed: 0 bytes in 0 blocks
==14791== 
==14791== For counts of detected and suppressed errors, rerun with: -v
==14791== Use --track-origins=yes to see where uninitialised values come from
==14791== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4)
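
Added example (not part of the bug thread and not SUSE or libarchive code): both runs in comment 5 report the same 46-byte loss record, and its stack lists Valgrind's malloc wrapper, /usr/bin/bsdtar and libc, with no libarchive frame. The Python sketch below groups Memcheck loss records by the locations in their stacks so a QA check can tell whether any leak is attributed to libarchive; the sample log is constructed from the output above, and the names loss_records and leaks_in are hypothetical.

```python
import re

# Constructed sample modelled on the Memcheck output quoted in comment 5
# (wrapped lines joined); it is not a capture from a real run.
SAMPLE = """\
==6971== HEAP SUMMARY:
==6971==     in use at exit: 46 bytes in 2 blocks
==6971==
==6971== 46 (40 direct, 6 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 2
==6971==    at 0x4C28F09: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6971==    by 0x404898: ??? (in /usr/bin/bsdtar)
==6971==    by 0x58AFC35: (below main) (in /lib64/libc-2.11.3.so)
==6971==
==6971== LEAK SUMMARY:
==6971==    definitely lost: 40 bytes in 1 blocks
"""

PREFIX = re.compile(r"^==\d+==\s?")           # per-line "==PID== " tag
RECORD = re.compile(r"^([\d,]+) .*bytes in [\d,]+ blocks are (.+?) in loss record")
# Stack frame; captures the trailing "(in /path/to/object)" or "(file.c:123)".
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: .*\((?:in )?([^()]+)\)\s*$")

def loss_records(log):
    """Parse a Memcheck log into loss records with the locations in their stacks."""
    records, current = [], None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw)
        rec = RECORD.match(line)
        frame = FRAME.match(line)
        if rec:
            current = {"bytes": int(rec.group(1).replace(",", "")),
                       "kind": rec.group(2), "where": []}
            records.append(current)
        elif frame and current is not None:
            current["where"].append(frame.group(1))
        elif not line.strip():
            current = None                     # blank line ends the stack
    return records

def leaks_in(log, needle="libarchive"):
    """Loss records with at least one stack frame whose location contains needle."""
    return [r for r in loss_records(log) if any(needle in w for w in r["where"])]

if __name__ == "__main__":
    for r in loss_records(SAMPLE):
        print(r["bytes"], r["kind"], r["where"])
    print("libarchive leaks:", len(leaks_in(SAMPLE)))
```

Memcheck logs pasted into a ticket may have wrapped stack lines; join them before parsing.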
Comment 6 Swamp Workflow Management 2016-07-29 12:09:49 UTC
SUSE-SU-2016:1909-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 984990,985609,985665,985669,985673,985675,985679,985682,985685,985688,985689,985697,985698,985700,985703,985704,985706,985826,985832,985835
CVE References: CVE-2015-8918,CVE-2015-8919,CVE-2015-8920,CVE-2015-8921,CVE-2015-8922,CVE-2015-8923,CVE-2015-8924,CVE-2015-8925,CVE-2015-8926,CVE-2015-8928,CVE-2015-8929,CVE-2015-8930,CVE-2015-8931,CVE-2015-8932,CVE-2015-8933,CVE-2015-8934,CVE-2016-4300,CVE-2016-4301,CVE-2016-4302,CVE-2016-4809
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libarchive-3.1.2-22.1
SUSE Linux Enterprise Server 12-SP1 (src):    libarchive-3.1.2-22.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libarchive-3.1.2-22.1
Comment 7 Swamp Workflow Management 2016-08-02 15:09:39 UTC
SUSE-SU-2016:1939-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 920870,984990,985609,985669,985675,985682,985698
CVE References: CVE-2015-2304,CVE-2015-8918,CVE-2015-8920,CVE-2015-8921,CVE-2015-8924,CVE-2015-8929,CVE-2016-4809
Sources used:
SUSE Studio Onsite 1.3 (src):    bsdtar-2.5.5-9.1
SUSE OpenStack Cloud 5 (src):    bsdtar-2.5.5-9.1
SUSE Manager Proxy 2.1 (src):    bsdtar-2.5.5-9.1
SUSE Manager 2.1 (src):    bsdtar-2.5.5-9.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    bsdtar-2.5.5-9.1
SUSE Linux Enterprise Server 11-SP4 (src):    bsdtar-2.5.5-9.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    bsdtar-2.5.5-9.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    bsdtar-2.5.5-9.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    bsdtar-2.5.5-9.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    bsdtar-2.5.5-9.1
Comment 8 Swamp Workflow Management 2016-08-11 15:14:19 UTC
openSUSE-SU-2016:2036-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 984990,985609,985665,985669,985673,985675,985679,985682,985685,985688,985689,985697,985698,985700,985703,985704,985706,985826,985832,985835
CVE References: CVE-2015-8918,CVE-2015-8919,CVE-2015-8920,CVE-2015-8921,CVE-2015-8922,CVE-2015-8923,CVE-2015-8924,CVE-2015-8925,CVE-2015-8926,CVE-2015-8928,CVE-2015-8929,CVE-2015-8930,CVE-2015-8931,CVE-2015-8932,CVE-2015-8933,CVE-2015-8934,CVE-2016-4300,CVE-2016-4301,CVE-2016-4302,CVE-2016-4809
Sources used:
openSUSE Leap 42.1 (src):    libarchive-3.1.2-13.2
Comment 9 Marcus Meissner 2018-02-16 07:22:29 UTC
released