Correctly process and verify integer arguments passed to bsdcpio and bsdtar

Fixes #1068
author: Martin Matuska <martin@matuska.org> 2018-09-23 00:04:36 +0200
committer: Martin Matuska <martin@matuska.org> 2018-09-23 00:12:22 +0200
commit: c16ce12acb997e6ebd81eeb37bf5f9a20e95ea19 (patch)
tree: 6bea13264af4c956d18627681093f753b4fb3bec /cpio
parent: 23b142e2706dea229ff69adaa7e99b7531efda8e (diff)
download: libarchive-c16ce12acb997e6ebd81eeb37bf5f9a20e95ea19.tar.gz
1 files changed, 11 insertions, 4 deletions
diff --git a/cpio/cpio.c b/cpio/cpio.c
index 4b8ce792..9dddf417 100644
--- a/cpio/cpio.c
+++ b/cpio/cpio.c
@@ -134,8 +134,9 @@ main(int argc, char *argv[])
 	struct cpio _cpio; /* Allocated on stack. */
 	struct cpio *cpio;
 	const char *errmsg;
+	char *tptr;
 	int uid, gid;
-	int opt;
+	int opt, t;
 
 	cpio = &_cpio;
 	memset(cpio, 0, sizeof(*cpio));
@@ -204,9 +205,15 @@ main(int argc, char *argv[])
 			cpio->add_filter = opt;
 			break;
 		case 'C': /* NetBSD/OpenBSD */
-			cpio->bytes_per_block = atoi(cpio->argument);
-			if (cpio->bytes_per_block <= 0)
-				lafe_errc(1, 0, "Invalid blocksize %s", cpio->argument);
+			errno = 0;
+			tptr = NULL;
+			t = (int)strtol(cpio->argument, &tptr, 10);
+			if (errno || t <= 0 || *(cpio->argument) == '\0' ||
+			    tptr == NULL || *tptr != '\0') {
+				lafe_errc(1, 0, "Invalid blocksize: %s",
+				    cpio->argument);
+			}
+			cpio->bytes_per_block = t;
 			break;
 		case 'c': /* POSIX 1997 */
 			cpio->format = "odc";
author	Martin Matuska <martin@matuska.org>	2018-09-23 00:04:36 +0200
committer	Martin Matuska <martin@matuska.org>	2018-09-23 00:12:22 +0200
commit	c16ce12acb997e6ebd81eeb37bf5f9a20e95ea19 (patch)
tree	6bea13264af4c956d18627681093f753b4fb3bec /cpio
parent	23b142e2706dea229ff69adaa7e99b7531efda8e (diff)
download	libarchive-c16ce12acb997e6ebd81eeb37bf5f9a20e95ea19.tar.gz