On Thu, Sep 07, 2017 at 02:30:20PM -0600, Todd C. Miller wrote:
> Why not just use strtol() then? The check against MINXHDRSZ
> will catch any negative values.
>
> - todd
Indeed, better diff,
-Otto
Index: tar.c
===================================================================
RCS file: /cvs/src/bin/pax/tar.c,v
retrieving revision 1.63
diff -u -p -r1.63 tar.c
--- tar.c 26 Aug 2016 04:11:16 -0000 1.63
+++ tar.c 8 Sep 2017 05:00:10 -0000
@@ -1209,7 +1209,7 @@ static int
rd_xheader(ARCHD *arcn, int global, off_t size)
{
char buf[MAXXHDRSZ];
- unsigned long len;
+ long len;
char *delim, *keyword;
char *nextp, *p, *end;
int pad, ret = 0;
@@ -1247,8 +1247,8 @@ rd_xheader(ARCHD *arcn, int global, off_
break;
}
errno = 0;
- len = strtoul(p, &delim, 10);
- if (*delim != ' ' || (errno == ERANGE && len == ULONG_MAX) ||
+ len = strtol(p, &delim, 10);
+ if (*delim != ' ' || (errno == ERANGE && len == LONG_MAX) ||
len < MINXHDRSZ) {
paxwarn(1, "Invalid extended header record length");
ret = -1;
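Review bot: The rejection of negative lengths now rests entirely on `len < MINXHDRSZ`, which is only true while MINXHDRSZ is a signed (plain int) constant; if that macro were ever changed to a size_t or unsigned value, the comparison would promote len to unsigned and a negative record length would pass the guard. The ERANGE clause likewise only names the overflow case (`len == LONG_MAX`), leaving the underflow result LONG_MIN to be caught implicitly by the same comparison, so a short comment before the `if` such as `/* strtol underflow yields LONG_MIN and negative input is rejected by the signed MINXHDRSZ compare */` would record both assumptions. Since len is signed now, any format string later in rd_xheader that prints it (outside this hunk) would need `%ld` rather than `%lu`. rd_xheader's body continues past the end of the hunk.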