Be stricter about the checksum field; reduce false-positives on the bid

diff --git a/libarchive/archive_read_support_format_tar.c b/libarchive/archive_read_support_format_tar.c
index f491639f8d9791117b43f69fa06d831d29642056..b39298a106e76fc988b4c5f23c539af4726d0a4c 100644 (file)
--- a/libarchive/archive_read_support_format_tar.c
+++ b/libarchive/archive_read_support_format_tar.c
@@ -798,6 +798,13 @@ checksum(struct archive_read *a, const void *h)
        bytes = (const unsigned char *)h;
        header = (const struct archive_entry_header_ustar *)h;
 
+       /* Checksum field must hold an octal number */
+       for (i = 0; i < sizeof(header->checksum); ++i) {
+               char c = header->checksum[i];
+               if (c != ' ' && c != '\0' && (c < '0' || c > '7'))
+                       return 0;
+       }
+
        /*
         * Test the checksum.  Note that POSIX specifies _unsigned_
         * bytes for this calculation.