Browse code
Better fix for bug 11946
Signed-off-by: Steven Morgan <stevmorg@cisco.com>
Craig Davison authored on 2017/11/02 04:34:20Showing 1 changed files
| ... | ... |
@@ -43,7 +43,9 @@ |
| 43 | 43 |
#include "scanners.h" |
| 44 | 44 |
#include "matcher.h" |
| 45 | 45 |
|
| 46 |
-#define BLOCKSIZE 512 |
|
| 46 |
+#define TARHEADERSIZE 512 |
|
| 47 |
+/* BLOCKSIZE must be >= TARHEADERSIZE */ |
|
| 48 |
+#define BLOCKSIZE TARHEADERSIZE |
|
| 47 | 49 |
#define TARSIZEOFFSET 124 |
| 48 | 50 |
#define TARSIZELEN 12 |
| 49 | 51 |
#define TARCHECKSUMOFFSET 148 |
| ... | ... |
@@ -182,8 +184,9 @@ cli_untar(const char *dir, unsigned int posix, cli_ctx *ctx) |
| 182 | 182 |
if((ret=cli_checklimits("cli_untar", ctx, 0, 0, 0))!=CL_CLEAN)
|
| 183 | 183 |
return ret; |
| 184 | 184 |
|
| 185 |
- if (nread < TARCHECKSUMOFFSET + TARCHECKSUMLEN) |
|
| 186 |
- return ret; |
|
| 185 |
+ if (nread < TARHEADERSIZE) {
|
|
| 186 |
+ return CL_CLEAN; |
|
| 187 |
+ } |
|
| 187 | 188 |
|
| 188 | 189 |
checksum = getchecksum(block); |
| 189 | 190 |
cli_dbgmsg("cli_untar: Candidate checksum = %d, [%o in octal]\n", checksum, checksum);
|
| ... | ... |
@@ -200,7 +203,6 @@ cli_untar(const char *dir, unsigned int posix, cli_ctx *ctx) |
| 200 | 200 |
cli_dbgmsg("cli_untar: Checksum %d is valid.\n", checksum);
|
| 201 | 201 |
} |
| 202 | 202 |
|
| 203 |
- /* Notice assumption that BLOCKSIZE > 262 */ |
|
| 204 | 203 |
if(posix) {
|
| 205 | 204 |
strncpy(magic, block+257, 5); |
| 206 | 205 |
magic[5] = '\0'; |