[git commit] tar: tighten up pax header validity check

Denys Vlasenko vda.linux at googlemail.com
Fri Jan 10 17:02:38 UTC 2014


commit: http://git.busybox.net/busybox/commit/?id=0f592d7fb94c5887528d0ee24020c2225ab71c28
branch: http://git.busybox.net/busybox/commit/?id=refs/heads/master

function                                             old     new   delta
get_header_tar                                      1785    1795     +10

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 archival/libarchive/get_header_tar.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/archival/libarchive/get_header_tar.c b/archival/libarchive/get_header_tar.c
index 32f8420..54d9104 100644
--- a/archival/libarchive/get_header_tar.c
+++ b/archival/libarchive/get_header_tar.c
@@ -115,7 +115,9 @@ static void process_pax_hdr(archive_handle_t *archive_handle, unsigned sz, int g
 		 */
 		p += len;
 		sz -= len;
-		if ((int)sz < 0
+		if (
+		/** (int)sz < 0 - not good enough for huge malicious VALUE of 2^32-1 */
+		    (int)(sz|len) < 0 /* this works */
 		 || len == 0
 		 || errno != EINVAL
 		 || *end != ' '
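Review bot: the overflow guard still runs after `p += len;` and `sz -= len;` have already been applied, so a bad `len` advances `p` past the header buffer and wraps `sz` before anything rejects it; checking the length up front, e.g. `if (len == 0 || len > sz) goto bad;` (hypothetical label) before the two updates, avoids relying on the sign of a wrapped value and makes the intent obvious. The `(int)(sz|len) < 0` form is correct only under the assumption that `int` and the unsigned type of `sz`/`len` have the same width and that the conversion wraps, which is not guaranteed by the C standard; if the cast-based form is kept, the `/** ... */` doc-comment opener and the explanatory text would read better as a plain `/* */` comment on the line above the `if (` rather than embedded inside the condition.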

