From e590423f62cf5bc922ff4a1f7eab9bf7d65ee472 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Tue, 4 Oct 2022 10:39:35 +0200 Subject: [PATCH] free memory allocated by gnu_long* fields Authored by Kamil Dudka . meta-openembedded uses Debian's release tarball [1]. Debian uses repo.or.cz/libtar.git as their upstream [2]. repo.or.cz/libtar.git has been inactive since 2013 [3]. CVE: CVE-2021-33640 CVE-2021-33645 CVE-2021-33646 Upstream-Status: Inactive-Upstream [lastrelease: 2013 lastcommit: 2013] [1] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=master#n8 [2] http://svn.kibibyte.se/libtar/trunk/debian/control (rev 51; not tagged) [3] https://repo.or.cz/libtar.git/shortlog/refs/heads/master Signed-off-by: Katariina Lounento
---
 lib/handle.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/handle.c b/lib/handle.c
index 28a7dc2..18bd8dc 100644
--- a/lib/handle.c
+++ b/lib/handle.c
@@ -122,8 +122,11 @@ tar_close(TAR *t)
 libtar_hash_free(t->h, ((t->oflags & O_ACCMODE) == O_RDONLY ? free : (libtar_freefunc_t)tar_dev_free));
- if (t->th_pathname != NULL)
- free(t->th_pathname);
+
+ free(t->th_pathname);
+ free(t->th_buf.gnu_longname);
+ free(t->th_buf.gnu_longlink);
+ free(t);
 return i;
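Review bot: The unconditional `free()` calls added to tar_close() make the handle the owner of `th_buf.gnu_longname` and `th_buf.gnu_longlink`, but nothing in the hunk documents that. A caller or another library path that already frees these fields without resetting them to NULL would now hit a double free here. I would add a comment above the block, e.g. `/* the handle owns th_pathname and the GNU long-name buffers; any other code that frees them must set the pointer to NULL */`. The calls are also only safe if the TAR structure is zero-initialised when it is allocated, which presumably happens where the handle is created, outside this hunk, and should be confirmed. tar_close() starts and ends outside the hunk.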