tar: tighten up pax header validity check

function old new delta get_header_tar 1785 1795 +10 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2014-01-10 18:02:38 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2014-01-10 18:02:38 +0100
commit: 0f592d7fb94c5887528d0ee24020c2225ab71c28 (patch)
tree: a0d0908321c3685ffc757da7f82922205c2dfa70
parent: 604b7b6cc03bab020f03d35f0064ab0e87845616 (diff)
download: busybox-w32-0f592d7fb94c5887528d0ee24020c2225ab71c28.tar.gz
busybox-w32-0f592d7fb94c5887528d0ee24020c2225ab71c28.tar.bz2
busybox-w32-0f592d7fb94c5887528d0ee24020c2225ab71c28.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/archival/libarchive/get_header_tar.c b/archival/libarchive/get_header_tar.c
index 32f842095..54d910431 100644
--- a/archival/libarchive/get_header_tar.c
+++ b/archival/libarchive/get_header_tar.c
@@ -115,7 +115,9 @@ static void process_pax_hdr(archive_handle_t *archive_handle, unsigned sz, int g
                 */
                p += len;
                sz -= len;
-                if ((int)sz < 0
+                if (
+                /** (int)sz < 0 - not good enough for huge malicious VALUE of 2^32-1 */
+                    (int)(sz|len) < 0 /* this works */
                 || len == 0
                 || errno != EINVAL
                 || *end != ' '
author	Denys Vlasenko <vda.linux@googlemail.com>	2014-01-10 18:02:38 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2014-01-10 18:02:38 +0100
commit	0f592d7fb94c5887528d0ee24020c2225ab71c28 (patch)
tree	a0d0908321c3685ffc757da7f82922205c2dfa70
parent	604b7b6cc03bab020f03d35f0064ab0e87845616 (diff)
download	busybox-w32-0f592d7fb94c5887528d0ee24020c2225ab71c28.tar.gz busybox-w32-0f592d7fb94c5887528d0ee24020c2225ab71c28.tar.bz2 busybox-w32-0f592d7fb94c5887528d0ee24020c2225ab71c28.zip