Libarchive/bsdtar: multiple crashes

[Agostino Sarubbo <ago () gentoo org>]

Hello all.

I'd like to make people aware of the following crashes in libarchive/bsdtar 
found by fuzzing (all issues are public on github):

The most dangerous, an out of bounds stack write (which is also fixed 
upstream):
https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/ 


The following are buffer over read of 1 (all are unfixed upstream ATM):

https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/
 
https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c/
https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/
https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/

As stated in the posts, the two latest bug could be the same, but I didn't 
have an upstream response about, so I posted both stacktrace to better track 
the issues.


The following are use-after-free (all are unfixed upstream ATM):
https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-bid_entry-archive_read_support_format_mtree-c/
https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/

As stated in the posts, they could be the same.
I didn't have an upstream response too for those.


Agostino