Signed-off-by: Steven Morgan <stevmorg@cisco.com>
Craig Davison authored on 2017/11/02 04:34:20... | ... |
@@ -43,7 +43,9 @@ |
43 | 43 |
#include "scanners.h" |
44 | 44 |
#include "matcher.h" |
45 | 45 |
|
46 |
-#define BLOCKSIZE 512 |
|
46 |
+#define TARHEADERSIZE 512 |
|
47 |
+/* BLOCKSIZE must be >= TARHEADERSIZE */ |
|
48 |
+#define BLOCKSIZE TARHEADERSIZE |
|
47 | 49 |
#define TARSIZEOFFSET 124 |
48 | 50 |
#define TARSIZELEN 12 |
49 | 51 |
#define TARCHECKSUMOFFSET 148 |
... | ... |
@@ -182,8 +184,9 @@ cli_untar(const char *dir, unsigned int posix, cli_ctx *ctx) |
182 | 182 |
if((ret=cli_checklimits("cli_untar", ctx, 0, 0, 0))!=CL_CLEAN) |
183 | 183 |
return ret; |
184 | 184 |
|
185 |
- if (nread < TARCHECKSUMOFFSET + TARCHECKSUMLEN) |
|
186 |
- return ret; |
|
185 |
+ if (nread < TARHEADERSIZE) { |
|
186 |
+ return CL_CLEAN; |
|
187 |
+ } |
|
187 | 188 |
|
188 | 189 |
checksum = getchecksum(block); |
189 | 190 |
cli_dbgmsg("cli_untar: Candidate checksum = %d, [%o in octal]\n", checksum, checksum); |
... | ... |
@@ -200,7 +203,6 @@ cli_untar(const char *dir, unsigned int posix, cli_ctx *ctx) |
200 | 200 |
cli_dbgmsg("cli_untar: Checksum %d is valid.\n", checksum); |
201 | 201 |
} |
202 | 202 |
|
203 |
- /* Notice assumption that BLOCKSIZE > 262 */ |
|
204 | 203 |
if(posix) { |
205 | 204 |
strncpy(magic, block+257, 5); |
206 | 205 |
magic[5] = '\0'; |
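Review bot: The invariant in the new comment `/* BLOCKSIZE must be >= TARHEADERSIZE */` is only documented, not enforced, yet the new guard `if (nread < TARHEADERSIZE)` in cli_untar depends on it. If BLOCKSIZE were ever lowered, and assuming reads into `block` are capped at BLOCKSIZE bytes (the read itself is outside the visible hunks), nread could never reach TARHEADERSIZE and every archive would return CL_CLEAN without being unpacked, which is a fail-open result for a scanner. A preprocessor check beside the defines turns that into a build error: `#if BLOCKSIZE < TARHEADERSIZE`, `#error "BLOCKSIZE must be >= TARHEADERSIZE"`, `#endif`. The short-header return is also silent; a `cli_dbgmsg("cli_untar: short tar header block, stopping\n");` before `return CL_CLEAN;` would let a truncated archive be told apart from a normal end of input in debug logs. cli_untar's body starts and ends outside these hunks.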