author | Martin Matuska <martin@matuska.org> | 2017-02-06 03:07:33 +0100 |
---|---|---|
committer | Martin Matuska <martin@matuska.org> | 2017-02-06 03:07:33 +0100 |
commit | 4f5a7af80831cedaa25eb23b054768dbfebaabb0 (patch) | |
tree | e8b23a84408ab60981669975d5e653f6260b69fc /libarchive/archive_read_support_format_warc.c | |
parent | 9553a3a0e453dbc68ac9ec11dfe43c538ecd7c06 (diff) | |
download | libarchive-4f5a7af80831cedaa25eb23b054768dbfebaabb0.tar.gz |
WARC reader: skip whitespace and check for first digit in _warc_rdlen()
Fixes possible heap-buffer-overflow.
Reported-By: OSS-Fuzz issue 552
Diffstat (limited to 'libarchive/archive_read_support_format_warc.c')
-rw-r--r-- | libarchive/archive_read_support_format_warc.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c index 3f150986..5e22438d 100644 --- a/libarchive/archive_read_support_format_warc.c +++ b/libarchive/archive_read_support_format_warc.c @@ -730,7 +730,12 @@ _warc_rdlen(const char *buf, size_t bsz) return -1; } - /* strtol kindly overreads whitespace for us, so use that */ + /* skip leading whitespace */ + while (val < eol && isblank(*val)) + val++; + /* there must be at least one digit */ + if (!isdigit(*val)) + return -1; len = strtol(val, &on, 10); if (on != eol) { /* line must end here */ |
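Review bot: The new digit check `if (!isdigit(*val))` in _warc_rdlen() dereferences val without the `val < eol` bound that the whitespace loop just above it uses. When the remainder of the line is all blanks, the loop stops with val == eol and the check reads `*eol`; whether that byte is guaranteed to lie inside the buffer is not visible in this hunk. Suggest making the bound explicit: `if (val >= eol || !isdigit((unsigned char)*val)) return -1;`. Both isblank() and isdigit() are also passed a plain char, which is undefined behaviour for negative values where char is signed, so the same `(unsigned char)` cast belongs in the loop condition. The hunk adds no #include, so please confirm <ctype.h> is already pulled in by this file.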