Handle whitespace-only ACL fields correctly.

The logic would result in possible reads before the start of a buffer.

Reported-By: OSS-Fuzz issue 10192

diff --git a/libarchive/archive_acl.c b/libarchive/archive_acl.c
index 4736531afa1d6400f31ac4fbc7f23a897505e7c6..9941d2f6fdb2dc53c1ab47ecb085b16baae4c2be 100644 (file)
--- a/libarchive/archive_acl.c
+++ b/libarchive/archive_acl.c
@@ -2058,6 +2058,12 @@ next_field(const char **p, const char **start,
        }
        *sep = **p;
 
+       /* If the field is only whitespace, bail out now. */
+       if (**p == '\0') {
+               *end = *p;
+               return;
+       }
+
        /* Trim trailing whitespace to locate end of field. */
        *end = *p - 1;
        while (**end == ' ' || **end == '\t' || **end == '\n') {