From: Martin Matuska Date: Mon, 6 Feb 2017 02:07:33 +0000 (+0100) Subject: WARC reader: skip whitespace and check for first digit in _warc_rdlen() X-Git-Tag: v3.3.0~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4f5a7af80831cedaa25eb23b054768dbfebaabb0;p=thirdparty%2Flibarchive.git WARC reader: skip whitespace and check for first digit in _warc_rdlen() Fixes possible heap-buffer-overflow. Reported-By: OSS-Fuzz issue 552 --- diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c index 3f150986b..5e22438d2 100644 --- a/libarchive/archive_read_support_format_warc.c +++ b/libarchive/archive_read_support_format_warc.c @@ -730,7 +730,12 @@ _warc_rdlen(const char *buf, size_t bsz) return -1; } - /* strtol kindly overreads whitespace for us, so use that */ + /* skip leading whitespace */ + while (val < eol && isblank(*val)) + val++; + /* there must be at least one digit */ + if (!isdigit(*val)) + return -1; len = strtol(val, &on, 10); if (on != eol) { /* line must end here */
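Review bot: the new digit check `if (!isdigit(*val))` is not guarded by the `val < eol` bound that the whitespace loop just above it uses, so when everything between the field name and the end of line is blank the loop stops with `val == eol` and the check reads `*eol`. That is only safe if `eol` always points at a readable byte inside `buf`, which these lines do not show; writing it as `if (val >= eol || !isdigit((unsigned char)*val)) return -1;` makes the hunk self-evidently in bounds. The same cast applies to `isblank(*val)` in the loop: `val` points into a `const char *` buffer of untrusted archive data, and passing a negative `char` to the `<ctype.h>` functions is undefined behaviour on platforms where `char` is signed. It would also help to have the comment say why `strtol` can no longer be left to skip whitespace itself (it skips every `isspace` character, line terminators included, so it can run past `eol`), since the removed comment stated the opposite assumption.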