aboutsummaryrefslogtreecommitdiffstats
path: root/libarchive/archive_read_support_format_cpio.c
diff options
context:
space:
mode:
authorMartin Matuska <mm@FreeBSD.org>2017-09-30 23:33:19 +0000
committerMartin Matuska <mm@FreeBSD.org>2017-09-30 23:33:19 +0000
commit533ab3c53efbfd230b718ed77dc9ea4d1446ddfc (patch)
tree7754efa68576e44389846bd73fad80a27240b0ba /libarchive/archive_read_support_format_cpio.c
parentb85c4c3da0a560cb98d13902c308e54fdeb52d70 (diff)
downloadsrc-533ab3c53efbfd230b718ed77dc9ea4d1446ddfc.tar.gz
src-533ab3c53efbfd230b718ed77dc9ea4d1446ddfc.zip
Update vendor/libarchive to git 92366744a52f3fa83c3899e375e415a5080a05f2
Relevant vendor changes: PR #905: Support for Zstandard read and write filters PR #922: Avoid overflow when reading corrupt cpio archive Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166) OSS-Fuzz 2936: Place a limit on the mtree line length OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502) Security: CVE-2017-14166, CVE-2017-14502
Notes
Notes: svn path=/vendor/libarchive/dist/; revision=324145
Diffstat (limited to 'libarchive/archive_read_support_format_cpio.c')
-rw-r--r--libarchive/archive_read_support_format_cpio.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/libarchive/archive_read_support_format_cpio.c b/libarchive/archive_read_support_format_cpio.c
index ad9f782de488..67d5b21eebbe 100644
--- a/libarchive/archive_read_support_format_cpio.c
+++ b/libarchive/archive_read_support_format_cpio.c
@@ -633,6 +633,13 @@ header_newc(struct archive_read *a, struct cpio *cpio,
/* Pad name to 2 more than a multiple of 4. */
*name_pad = (2 - *namelength) & 3;
+ /* Make sure that the padded name length fits into size_t. */
+ if (*name_pad > SIZE_MAX - *namelength) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "cpio archive has invalid namelength");
+ return (ARCHIVE_FATAL);
+ }
+
/*
* Note: entry_bytes_remaining is at least 64 bits and
* therefore guaranteed to be big enough for a 33-bit file