On Thu, Sep 07, 2017 at 02:30:20PM -0600, Todd C. Miller wrote:
> Why not just use strtol() then? The check against MINXHDRSZ
> will catch any negative values.
>
> - todd
Indeed, better diff, -Otto Index: tar.c =================================================================== RCS file: /cvs/src/bin/pax/tar.c,v retrieving revision 1.63 diff -u -p -r1.63 tar.c --- tar.c 26 Aug 2016 04:11:16 -0000 1.63 +++ tar.c 8 Sep 2017 05:00:10 -0000 @@ -1209,7 +1209,7 @@ static int rd_xheader(ARCHD *arcn, int global, off_t size) { char buf[MAXXHDRSZ]; - unsigned long len; + long len; char *delim, *keyword; char *nextp, *p, *end; int pad, ret = 0; @@ -1247,8 +1247,8 @@ rd_xheader(ARCHD *arcn, int global, off_ break; } errno = 0; - len = strtoul(p, &delim, 10); - if (*delim != ' ' || (errno == ERANGE && len == ULONG_MAX) || + len = strtol(p, &delim, 10); + if (*delim != ' ' || (errno == ERANGE && len == LONG_MAX) || len < MINXHDRSZ) { paxwarn(1, "Invalid extended header record length"); ret = -1;
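Review bot: the first hunk (`unsigned long len` to `long len`) changes the signedness of every later use of `len` in rd_xheader(), not just the one shown; any comparison of `len` against an unsigned quantity such as `sizeof(buf)` or against `size` should be re-read, since a negative `len` would convert to a huge unsigned value there. The `len < MINXHDRSZ` rejection in the second hunk is what makes the signed type safe, so the two hunks need to go in together.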
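Review bot: in the second hunk the `len == LONG_MAX` qualifier on the ERANGE test is now redundant and slightly misleading: strtol() also sets ERANGE on underflow and returns LONG_MIN, which this clause does not match but which `len < MINXHDRSZ` rejects anyway. Testing `errno == ERANGE` on its own covers both directions uniformly and reads as intended: `if (*delim != ' ' || errno == ERANGE || len < MINXHDRSZ)`. Otherwise the change does what Todd describes: a negative value, a record with no digits (`delim == p`, `len == 0`) and a wrong delimiter all reach the paxwarn().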
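To make visible which malformed record lengths the combined checks reject, here is an added stand-alone example; it is not pax's rd_xheader() and none of it comes from the diff above. It parses a pax extended-header record length with the same strtol() expression as the patched code and runs it over constructed sample records. DEMO_MINXHDRSZ and DEMO_MAXXHDRSZ are assumed values for the demo, and the upper bound against the buffer size is an extra check not present in the hunk.

```c
/* Added example: validating a pax extended-header record length.
 * Not OpenBSD pax code; the constants below are assumptions for the demo. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_MINXHDRSZ 6     /* assumed: shortest record "N k=v\n" we accept */
#define DEMO_MAXXHDRSZ 1024  /* assumed: size of the buffer a record is read into */

/* Parse the leading decimal length of a record such as "30 mtime=...\n".
 * Returns the length on success and stores a pointer to the text after the
 * separating space in *rest (if rest is non-NULL); returns -1 on any
 * malformed length.  The strtol()/errno/MINXHDRSZ expression mirrors the
 * patched rd_xheader(); the DEMO_MAXXHDRSZ bound is an addition here. */
long parse_xhdr_len(const char *p, const char **rest)
{
	char *delim;
	long len;

	errno = 0;
	len = strtol(p, &delim, 10);
	/* Rejects, in order: a missing ' ' after the digits (also covers "no
	 * digits at all", where delim == p), overflow to LONG_MAX, and any
	 * value below the minimum.  Underflow returns LONG_MIN, which does
	 * not match the second clause but fails the third. */
	if (*delim != ' ' || (errno == ERANGE && len == LONG_MAX) ||
	    len < DEMO_MINXHDRSZ)
		return -1;
	/* A length larger than the buffer can never describe a valid record. */
	if (len > DEMO_MAXXHDRSZ)
		return -1;
	if (rest != NULL)
		*rest = delim + 1;
	return len;
}

/* Walk a few constructed records and report the verdict for each. */
int main(void)
{
	static const char *samples[] = {
		"30 mtime=1504836620.123456789\n",   /* valid: 30 bytes in total */
		"-5 path=x\n",                       /* negative: below minimum */
		"5 a=b\n",                           /* positive but below minimum */
		"99999999999999999999 path=x\n",     /* overflow: ERANGE, LONG_MAX */
		"-99999999999999999999 path=x\n",    /* underflow: LONG_MIN < minimum */
		"30\tpath=x\n",                      /* wrong delimiter after digits */
		"path=x\n",                          /* no digits at all */
		"4096 path=x\n",                     /* larger than the buffer */
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		const char *rest = NULL;
		long len = parse_xhdr_len(samples[i], &rest);

		if (len < 0)
			printf("reject  %.24s\n", samples[i]);
		else
			printf("accept  len=%ld rest=\"%.12s...\"\n", len, rest);
	}
	return 0;
}
```

Every rejection above goes through the same three-clause test as the hunk; the underflow case is the one that shows why the `len == LONG_MAX` qualifier adds nothing, since LONG_MIN is caught by the lower bound rather than by the ERANGE clause.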