emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tar: tighten up pax header validity check

Browse Source 
function                                             old     new   delta
get_header_tar                                      1785    1795     +10

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2014-01-10 18:02:38 +01:00
parent 604b7b6cc0
commit 0f592d7fb9
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
archival/libarchive/get_header_tar.c
View File

@ -115,7 +115,9 @@ static void process_pax_hdr(archive_handle_t *archive_handle, unsigned sz, int g
*/ */
p += len; p += len;
sz -= len; sz -= len;
if ((int)sz < 0 if (
/** (int)sz < 0 - not good enough for huge malicious VALUE of 2^32-1 */
(int)(sz|len) < 0 /* this works */
|| len == 0 || len == 0
|| errno != EINVAL || errno != EINVAL
|| *end != ' ' || *end != ' '