From: Martin Matuska <martin@matuska.org>
Date: Sat, 20 Apr 2019 08:27:46 +0000 (+0200)
Subject: RAR5 reader: fix maximum owner name length
X-Git-Tag: v3.4.0~68
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2fce6f81cc59144bf4f2f66f7620233d609b41ef;p=thirdparty%2Flibarchive.git

RAR5 reader: fix maximum owner name length

Reported by:	OSS-Fuzz issue 14331
---

diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c
index 7123e408a..a43afbfa0 100644
--- a/libarchive/archive_read_support_format_rar5.c
+++ b/libarchive/archive_read_support_format_rar5.c
@@ -1352,8 +1352,8 @@ static int parse_file_extra_owner(struct archive_read* a,
 	        *extra_data_size -= name_size + 1;
 		if(!read_ahead(a, name_size, &p))
 			return ARCHIVE_EOF;
-		if (name_size > OWNER_MAXNAMELEN)
-			name_len = OWNER_MAXNAMELEN;
+		if (name_size >= OWNER_MAXNAMELEN)
+			name_len = OWNER_MAXNAMELEN - 1;
 		else
 			name_len = name_size;
 		memcpy(namebuf, p, name_len);
@@ -1369,8 +1369,8 @@ static int parse_file_extra_owner(struct archive_read* a,
 	        *extra_data_size -= name_size + 1;
 		if(!read_ahead(a, name_size, &p))
 			return ARCHIVE_EOF;
-		if (name_size > OWNER_MAXNAMELEN)
-			name_len = OWNER_MAXNAMELEN;
+		if (name_size >= OWNER_MAXNAMELEN)
+			name_len = OWNER_MAXNAMELEN - 1;
 		else
 			name_len = name_size;
 		memcpy(namebuf, p, name_len);