diff options
author | Michihiro NAKAJIMA <ggcueroad@gmail.com> | 2011-07-28 00:16:37 -0400 |
---|---|---|
committer | Michihiro NAKAJIMA <ggcueroad@gmail.com> | 2011-07-28 00:16:37 -0400 |
commit | 42ecca9d45b0e170e9c3e88e5c2b45f6d4b4702d (patch) | |
tree | 996ab162c05876c9e0469463b33f4306a8b2c4b0 /libarchive/archive_read_support_filter_uu.c | |
parent | 2d3cd81cde45645941aaa450d2ac40262bd211fc (diff) | |
download | libarchive-42ecca9d45b0e170e9c3e88e5c2b45f6d4b4702d.tar.gz |
Allow 128K -1 bytes of extra data before uuencode data starts since the bidder allows.
SVN-Revision: 3508
Diffstat (limited to 'libarchive/archive_read_support_filter_uu.c')
-rw-r--r-- | libarchive/archive_read_support_filter_uu.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/libarchive/archive_read_support_filter_uu.c b/libarchive/archive_read_support_filter_uu.c index 56fb6623..c3096915 100644 --- a/libarchive/archive_read_support_filter_uu.c +++ b/libarchive/archive_read_support_filter_uu.c @@ -518,11 +518,16 @@ read_more: } break; } - if (total + len * 2 > OUT_BUFF_SIZE) - break; switch (uudecode->state) { default: case ST_FIND_HEAD: + /* Do not read more than UUENCODE_BID_MAX_READ bytes */ + if (total + len >= UUENCODE_BID_MAX_READ) { + archive_set_error(&self->archive->archive, + ARCHIVE_ERRNO_FILE_FORMAT, + "Invalid format data"); + return (ARCHIVE_FATAL); + } if (len - nl > 13 && memcmp(b, "begin ", 6) == 0) l = 6; else if (len - nl > 18 && @@ -540,6 +545,8 @@ read_more: } break; case ST_READ_UU: + if (total + len * 2 > OUT_BUFF_SIZE) + break; body = len - nl; if (!uuchar[*b] || body <= 0) { archive_set_error(&self->archive->archive, @@ -604,6 +611,8 @@ read_more: } break; case ST_READ_BASE64: + if (total + len * 2 > OUT_BUFF_SIZE) + break; l = len - nl; if (l >= 3 && b[0] == '=' && b[1] == '=' && b[2] == '=') { |