From: Martin Matuska <martin@matuska.org>
Date: Fri, 2 Dec 2016 09:08:02 +0000 (+0100)
Subject: Fix heap buffer overflow in uudecode_bidder_bid()
X-Git-Tag: v3.3.0~103
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53d73345410d69e68171f05facaf4523e38e72bb;p=thirdparty%2Flibarchive.git

Fix heap buffer overflow in uudecode_bidder_bid()

Reported-by: OSS-Fuzz issue 139, 145, 152
---

diff --git a/libarchive/archive_read_support_filter_uu.c b/libarchive/archive_read_support_filter_uu.c
index 787a619f2..f0fc14870 100644
--- a/libarchive/archive_read_support_filter_uu.c
+++ b/libarchive/archive_read_support_filter_uu.c
@@ -312,6 +312,7 @@ uudecode_bidder_bid(struct archive_read_filter_bidder *self,
 	avail -= len;
 
 	if (l == 6) {
+		/* "begin " */
 		if (!uuchar[*b])
 			return (0);
 		/* Get a length of decoded bytes. */
@@ -352,8 +353,8 @@ uudecode_bidder_bid(struct archive_read_filter_bidder *self,
 		b += nl;
 		if (avail && uuchar[*b])
 			return (firstline+30);
-	}
-	if (l == 13) {
+	} else if (l == 13) {
+		/* "begin-base64 " */
 		while (len-nl > 0) {
 			if (!base64[*b++])
 				return (0);