Update vendor/libarchive/dist to git d5f35a90a4cb1eeb918213bff9d78e8b0471dc0a

Relevant vendor changes:
  PR #1013: Add missing h_base offset when performing absolute seeks in
            xar decompression
  PR #1061: Add support for extraction of RAR v5 archives
  PR #1066: Fix out of bounds read on empty string filename for gnutar, pax
            and v7tar
  PR #1067: Fix temporary file path buffer overflow in tests
  IS #1068: Correctly process and verify integer arguments passed to
            bsdcpio and bsdtar
  PR #1070: Don't default XAR entry atime/mtime to the current time

1 files changed, 11 insertions, 4 deletions

diff --git a/cpio/cpio.c b/cpio/cpio.c
index 4b8ce79296f0..9dddf417a5a5 100644
--- a/cpio/cpio.c
+++ b/cpio/cpio.c
@@ -134,8 +134,9 @@ main(int argc, char *argv[])
 	struct cpio _cpio; /* Allocated on stack. */
 	struct cpio *cpio;
 	const char *errmsg;
+	char *tptr;
 	int uid, gid;
-	int opt;
+	int opt, t;
 
 	cpio = &_cpio;
 	memset(cpio, 0, sizeof(*cpio));
@@ -204,9 +205,15 @@ main(int argc, char *argv[])
 			cpio->add_filter = opt;
 			break;
 		case 'C': /* NetBSD/OpenBSD */
-			cpio->bytes_per_block = atoi(cpio->argument);
-			if (cpio->bytes_per_block <= 0)
-				lafe_errc(1, 0, "Invalid blocksize %s", cpio->argument);
+			errno = 0;
+			tptr = NULL;
+			t = (int)strtol(cpio->argument, &tptr, 10);
+			if (errno || t <= 0 || *(cpio->argument) == '\0' ||
+			    tptr == NULL || *tptr != '\0') {
+				lafe_errc(1, 0, "Invalid blocksize: %s",
+				    cpio->argument);
+			}
+			cpio->bytes_per_block = t;
 			break;
 		case 'c': /* POSIX 1997 */
 			cpio->format = "odc";