tar: tighten up pax header validity check

function                                             old     new   delta
get_header_tar                                      1785    1795     +10

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/archival/libarchive/get_header_tar.c b/archival/libarchive/get_header_tar.c
index 32f842095fe5e39c8ecf40f538de1e0b6cdf30fd..54d910431038945fecff7be2ec557512f2f9b974 100644 (file)
--- a/archival/libarchive/get_header_tar.c
+++ b/archival/libarchive/get_header_tar.c
@@ -115,7 +115,9 @@ static void process_pax_hdr(archive_handle_t *archive_handle, unsigned sz, int g
                 */
                p += len;
                sz -= len;
-               if ((int)sz < 0
+               if (
+               /** (int)sz < 0 - not good enough for huge malicious VALUE of 2^32-1 */
+                   (int)(sz|len) < 0 /* this works */
                 || len == 0
                 || errno != EINVAL
                 || *end != ' '