authorMartin Matuska <martin@matuska.org>2017-02-06 03:07:33 +0100
committerMartin Matuska <martin@matuska.org>2017-02-06 03:07:33 +0100
commit4f5a7af80831cedaa25eb23b054768dbfebaabb0 (patch)
treee8b23a84408ab60981669975d5e653f6260b69fc /libarchive/archive_read_support_format_warc.c
parent9553a3a0e453dbc68ac9ec11dfe43c538ecd7c06 (diff)
WARC reader: skip whitespace and check for first digit in _warc_rdlen()
Fixes possible heap-buffer-overflow. Reported-By: OSS-Fuzz issue 552
Diffstat (limited to 'libarchive/archive_read_support_format_warc.c')
-rw-r--r--libarchive/archive_read_support_format_warc.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c
index 3f150986..5e22438d 100644
--- a/libarchive/archive_read_support_format_warc.c
+++ b/libarchive/archive_read_support_format_warc.c
@@ -730,7 +730,12 @@ _warc_rdlen(const char *buf, size_t bsz)
return -1;
}
- /* strtol kindly overreads whitespace for us, so use that */
+ /* skip leading whitespace */
+ while (val < eol && isblank(*val))
+ val++;
+ /* there must be at least one digit */
+ if (!isdigit(*val))
+ return -1;
len = strtol(val, &on, 10);
if (on != eol) {
/* line must end here */
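Review bot: The added `isblank(*val)` and `isdigit(*val)` calls pass a plain `char` read from archive data to the `<ctype.h>` functions, which is undefined behaviour for bytes of 0x80 and above where `char` is signed. Cast first: `while (val < eol && isblank((unsigned char)*val))` and `if (!isdigit((unsigned char)*val))`. `isblank` is also locale-dependent, so comparing against `' '` and `'\t'` explicitly would pin down what the parser accepts. The visible lines check the `strtol` result only with `on != eol`; if no range check follows outside the hunk, setting `errno = 0` before the call and rejecting `ERANGE` would stop an over-long digit run from being used as a clamped length. The body of `_warc_rdlen` starts and ends outside the hunk.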