tar: tighten up pax header validity check

function old new delta get_header_tar 1785 1795 +10 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2014-01-10 18:02:38 +01:00 · 2014-01-10 18:02:38 +01:00 · 0f592d7fb9
commit 0f592d7fb9
parent 604b7b6cc0
1 changed files with 3 additions and 1 deletions
--- a/archival/libarchive/get_header_tar.c
+++ b/archival/libarchive/get_header_tar.c
@ -115,7 +115,9 @@ static void process_pax_hdr(archive_handle_t *archive_handle, unsigned sz, int g
 		 */
 		p += len;
 		sz -= len;
-		if ((int)sz < 0
+		if (
+		/** (int)sz < 0 - not good enough for huge malicious VALUE of 2^32-1 */
+		    (int)(sz|len) < 0 /* this works */
 		 || len == 0
 		 || errno != EINVAL
 		 || *end != ' '