Fix heap buffer overflow in uudecode_bidder_bid()

author Martin Matuska <martin@matuska.org>

Fri, 2 Dec 2016 09:08:02 +0000 (10:08 +0100)

committer Martin Matuska <martin@matuska.org>

Fri, 2 Dec 2016 09:16:18 +0000 (10:16 +0100)
author Martin Matuska <martin@matuska.org>
Fri, 2 Dec 2016 09:08:02 +0000 (10:08 +0100)
committer Martin Matuska <martin@matuska.org>
Fri, 2 Dec 2016 09:16:18 +0000 (10:16 +0100)
diff --git a/libarchive/archive_read_support_filter_uu.c b/libarchive/archive_read_support_filter_uu.c

index 787a619f2f3aea80896abf24c7c0967d11223617..f0fc148701235b7654cf04fe8e7959cc084ea225 100644 (file)
--- a/libarchive/archive_read_support_filter_uu.c
+++ b/libarchive/archive_read_support_filter_uu.c
@@ -312,6 +312,7 @@ uudecode_bidder_bid(struct archive_read_filter_bidder *self,
         avail -= len;
  
         if (l == 6) {
+               /* "begin " */
                 if (!uuchar[*b])
                         return (0);
                 /* Get a length of decoded bytes. */
@@ -352,8 +353,8 @@ uudecode_bidder_bid(struct archive_read_filter_bidder *self,
                 b += nl;
                 if (avail && uuchar[*b])
                         return (firstline+30);
-       }
-       if (l == 13) {
+       } else if (l == 13) {
+               /* "begin-base64 " */
                 while (len-nl > 0) {
                         if (!base64[*b++])
                                 return (0);
author	Martin Matuska <martin@matuska.org>
	Fri, 2 Dec 2016 09:08:02 +0000 (10:08 +0100)
committer	Martin Matuska <martin@matuska.org>
	Fri, 2 Dec 2016 09:16:18 +0000 (10:16 +0100)