From 0f592d7fb94c5887528d0ee24020c2225ab71c28 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Fri, 10 Jan 2014 18:02:38 +0100
Subject: tar: tighten up pax header validity check

function                                             old     new   delta
get_header_tar                                      1785    1795     +10

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 archival/libarchive/get_header_tar.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'archival')

diff --git a/archival/libarchive/get_header_tar.c b/archival/libarchive/get_header_tar.c
index 32f842095..54d910431 100644
--- a/archival/libarchive/get_header_tar.c
+++ b/archival/libarchive/get_header_tar.c
@@ -115,7 +115,9 @@ static void process_pax_hdr(archive_handle_t *archive_handle, unsigned sz, int g
 		 */
 		p += len;
 		sz -= len;
-		if ((int)sz < 0
+		if (
+		/** (int)sz < 0 - not good enough for huge malicious VALUE of 2^32-1 */
+		    (int)(sz|len) < 0 /* this works */
 		 || len == 0
 		 || errno != EINVAL
 		 || *end != ' '
-- 
cgit v1.2.3