diff options
Diffstat (limited to 'archivers/libarchive/files/libarchive/archive_read_support_format_ar.c')
| -rw-r--r-- | archivers/libarchive/files/libarchive/archive_read_support_format_ar.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/archivers/libarchive/files/libarchive/archive_read_support_format_ar.c b/archivers/libarchive/files/libarchive/archive_read_support_format_ar.c index f6e4cc7e2ab..15d7e7cfd72 100644 --- a/archivers/libarchive/files/libarchive/archive_read_support_format_ar.c +++ b/archivers/libarchive/files/libarchive/archive_read_support_format_ar.c @@ -350,12 +350,16 @@ archive_read_format_ar_read_header(struct archive_read *a, /* Parse the size of the name, adjust the file size. */ number = ar_atol10(h + AR_name_offset + 3, AR_name_size - 3); - if ((off_t)number > ar->entry_bytes_remaining) { + bsd_name_length = (size_t)number; + /* Guard against the filename + trailing NUL + * overflowing a size_t and against the filename size + * being larger than the entire entry. */ + if (number > (uint64_t)(bsd_name_length + 1) + || (off_t)bsd_name_length > ar->entry_bytes_remaining) { archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, "Bad input file size"); return (ARCHIVE_FATAL); } - bsd_name_length = (size_t)number; ar->entry_bytes_remaining -= bsd_name_length; /* Adjust file size reported to client. */ archive_entry_set_size(entry, ar->entry_bytes_remaining); |