From: Tobias Stoeckmann Date: Sat, 11 May 2024 17:12:03 +0000 (+0200) Subject: rar: Fix out ouf boundary access with large files (#2179) X-Git-Tag: v3.7.5~71 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=34338d6c4b3495ba0fea3baa12256efb367ad1e6;p=thirdparty%2Flibarchive.git rar: Fix out ouf boundary access with large files (#2179) If a header has the FHD_LARGE flag set, it is not verified that enough bytes have been read. Check boundaries before accessing the additional bytes. --- diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c index 5776df4bd..c8725bcae 100644 --- a/libarchive/archive_read_support_format_rar.c +++ b/libarchive/archive_read_support_format_rar.c @@ -1469,6 +1469,11 @@ read_header(struct archive_read *a, struct archive_entry *entry, if (rar->file_flags & FHD_LARGE) { + if (p + 8 > endp) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Invalid header size"); + return (ARCHIVE_FATAL); + } memcpy(packed_size, file_header.pack_size, 4); memcpy(packed_size + 4, p, 4); /* High pack size */ p += 4;
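Review bot: In the added check `if (p + 8 > endp)` at the top of the FHD_LARGE branch, the sum `p + 8` is formed before it is compared, and in C a pointer more than one element past the end of its buffer is undefined, so when fewer than 8 bytes remain the test itself depends on behaviour the compiler need not preserve. Comparing the remaining length instead, `if (endp - p < 8)`, rejects the same headers without forming an out-of-range pointer (this assumes p never exceeds endp at this point, which the hunk does not show). The constant 8 is also unexplained: the visible context reads only 4 bytes from p for the high pack size, so a short comment naming the fields those 8 bytes cover would make the check easier to audit against the reads that follow.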