Sometimes a bz2 file is identified as tar.bz2, i.e. a chunk of
raw data may look like a tar header (metadata block).
To reduce the chance of such false positives, the format of the uid, gid
and mtime fields is checked. These fields are expected to contain
octal numbers. In fact, space and '\0' are also allowed - perhaps
I am too liberal.
/* Not a valid mode; bail out here. */
return (0);
}
- /* TODO: Sanity test uid/gid/size/mtime/rdevmajor/rdevminor fields. */
+
+ /* Sanity test uid/gid/mtime fields must hold octal numbers. */
+ size_t i;
+ for (i = 0; i < sizeof(header->gid); ++i) {
+ char c = header->gid[i];
+ if (c != ' ' && c != '\0' && (c < '0' || c > '7'))
+ return 0;
+ }
+ for (i = 0; i < sizeof(header->uid); ++i) {
+ char c = header->uid[i];
+ if (c != ' ' && c != '\0' && (c < '0' || c > '7'))
+ return 0;
+ }
+ for (i = 0; i < sizeof(header->mtime); ++i) {
+ char c = header->mtime[i];
+ if (c != ' ' && c != '\0' && (c < '0' || c > '7'))
+ return 0;
+ }
+
+ /* TODO: Sanity test size/rdevmajor/rdevminor fields. */
return (bid);
}
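Review bot: The three added loops accept only `'0'..'7'`, space and NUL, so a header whose uid, gid or mtime uses the GNU base-256 form (first byte has the high bit set, used for values too large for the octal field) makes this function return 0. If this reader is meant to accept such archives, the check should let that marker byte through, as the sketch below does. The loops are identical apart from the field name, so one static helper called three times would be easier to audit and to extend to the size/rdevmajor/rdevminor fields named in the remaining TODO. `size_t i;` is declared after statements, which C89-only compilers reject if the project still targets them. The enclosing function starts outside the hunk.

```c
/* Returns 1 if the field holds only octal digits, spaces and NULs,
 * or starts with a base-256 marker byte; 0 otherwise. */
static int
is_number_field(const char *p, size_t len)
{
	size_t i;

	if (len > 0 && ((unsigned char)p[0] & 0x80))
		return (1);	/* base-256: nothing further to check */
	for (i = 0; i < len; ++i) {
		char c = p[i];
		if (c != ' ' && c != '\0' && (c < '0' || c > '7'))
			return (0);
	}
	return (1);
}

/* ... unchanged: mode check and earlier tests ... */
	if (!is_number_field(header->uid, sizeof(header->uid)) ||
	    !is_number_field(header->gid, sizeof(header->gid)) ||
	    !is_number_field(header->mtime, sizeof(header->mtime)))
		return (0);
```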