From c9bc934e7e91d302e0feca6e713ccc38d6d01532 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Peter=20K=C3=A4stle?= <peter@piie.net>
Date: Mon, 10 Mar 2025 16:43:04 +0100
Subject: [PATCH] fix CVE-2025-1632 and CVE-2025-25724 (#2532)

Hi,

please find my approach to fix the CVE-2025-1632 and CVE-2025-25724
vulnerabilities in this pr.
As both error cases did trigger a NULL pointer deref (and triggered
hopefully everywhere a coredump), we can safely replace the actual
information by a predefined invalid string without breaking any
functionality.

CVE: CVE-2025-25724
Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/c9bc934e7e91d302e0feca6e713ccc38d6d01532]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---------

Signed-off-by: Peter Kaestle <peter@piie.net>
---
 tar/util.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tar/util.c b/tar/util.c
index 3b099cb5..f3cbdf0b 100644
--- a/tar/util.c
+++ b/tar/util.c
@@ -758,7 +758,10 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry)
 #else
 	ltime = localtime(&tim);
 #endif
-	strftime(tmp, sizeof(tmp), fmt, ltime);
+	if (ltime)
+		strftime(tmp, sizeof(tmp), fmt, ltime);
+	else
+		sprintf(tmp, "-- -- ----");
 	fprintf(out, " %s ", tmp);
 	safe_fprintf(out, "%s", archive_entry_pathname(entry));