bin/95175: bsdtar core dump on non-existing symlink

[Jin Guojun (DSD staff)]

>Number:         95175
>Category:       bin
>Synopsis:       bsdtar core dump on non-existing symlink
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 31 23:10:19 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Jin Guojun (DSD staff)
>Release:        FreeBSD 6.0-RELEASE i386
>Organization:
>Environment:
System: FreeBSD 6.0-RELEASE FreeBSD 


	FreeBSD 6.0 and 6.1-BETA4
>Description:
	using command "tar -ch " to do archive. If there is empty
	(non existing) symlink, tar will coredump due to no NULL pointer
	checking.

>How-To-Repeat:
	cd /tmp
	mkdir test
	ln -s /mnt/onwhere test
	tar -chf /dev/null test
	coredump ...
>Fix:

	This happens in function write_hierarchy()
	in /usr/src/usr.bin/tar/write.c file:
        case 'L':
                /* 'L': Do descend through a symlink to dir. */
                /* 'L': Archive symlink to file as file. */
L 631           lst = tree_current_stat(tree);
                break;
        default:
 
...
 
L650    if (new_enough(bsdtar, name, lst)) {
                write_entry(bsdtar, a, lst, name,
                    tree_current_pathlen(tree),
                    tree_current_access_path(tree));
        }

-------------

Line 631 returns NULL to lst when the symlink points to non existing file
or directory. This is then passed to all codes at block start L650.
None of this routines check if the argument "lst" is NULL.
Eventually, it coredump in write_entry() function when *st (passed from lst)
is referenced.

lst must be checked before line 650 and proper branch needs to be taken
when lst is NULL (should be treated as regular symlink).
>Release-Note:
>Audit-Trail:
>Unformatted: