RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 18:57:35 +00:00
Code Issues Activity Actions

LibArchive: Ensure tar extended header length is within expected range

Browse source
This commit is contained in:
Tim Ledbetter 2023-10-02 20:24:14 +01:00 committed by Tim Schumacher
parent 006bf1905b
commit 9f7cfb1394
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Userland/Libraries/LibArchive/TarStream.h
View file

@ -93,11 +93,18 @@ inline ErrorOr<void> TarInputStream::for_each_extended_header(F func)
Optional<unsigned int> length = file_contents.substring_view(0, length_end_index.value()).to_uint(); Optional<unsigned int> length = file_contents.substring_view(0, length_end_index.value()).to_uint();
if (!length.has_value()) if (!length.has_value())
return Error::from_string_literal("Malformed extended header: Could not parse length."); return Error::from_string_literal("Malformed extended header: Could not parse length.");
if (length_end_index.value() >= length.value())
return Error::from_string_literal("Malformed extended header: Header length too short.");
unsigned int remaining_length = length.value(); unsigned int remaining_length = length.value();
remaining_length -= length_end_index.value() + 1; remaining_length -= length_end_index.value() + 1;
file_contents = file_contents.substring_view(length_end_index.value() + 1); file_contents = file_contents.substring_view(length_end_index.value() + 1);
if (file_contents.length() < remaining_length - 1)
return Error::from_string_literal("Malformed extended header: Header length too large.");
// Extract the header. // Extract the header.
StringView header = file_contents.substring_view(0, remaining_length - 1); StringView header = file_contents.substring_view(0, remaining_length - 1);
file_contents = file_contents.substring_view(remaining_length - 1); file_contents = file_contents.substring_view(remaining_length - 1);