Issue #731: Reject tar entries >= INT64_MAX

Note that the code that parses file sizes returns INT64_MAX on
overflow.

diff --git a/libarchive/archive_read_support_format_tar.c b/libarchive/archive_read_support_format_tar.c
index b0521a627ce31565e2a652628456ee1ec3f4157a..eb60e1a0da04afd691f19ac78ba5c2ec484963c2 100644 (file)
--- a/libarchive/archive_read_support_format_tar.c
+++ b/libarchive/archive_read_support_format_tar.c
@@ -1128,8 +1128,15 @@ header_common(struct archive_read *a, struct tar *tar,
        if (tar->entry_bytes_remaining < 0) {
                tar->entry_bytes_remaining = 0;
                archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-                   "Tar entry has negative size?");
-               err = ARCHIVE_WARN;
+                   "Tar entry has negative size");
+               return (ARCHIVE_FATAL);
+       }
+       if (tar->entry_bytes_remaining == INT64_MAX) {
+               /* Note: tar_atol returns INT64_MAX on overflow */
+               tar->entry_bytes_remaining = 0;
+               archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+                   "Tar entry size overflow");
+               return (ARCHIVE_FATAL);
        }
        tar->realsize = tar->entry_bytes_remaining;
        archive_entry_set_size(entry, tar->entry_bytes_remaining);