From: Michael Schroeder <mls@suse.de>
Date: Tue, 5 Aug 2025 10:03:15 +0000 (+0200)
Subject: tarhead: add a line size limit to catch broken entries
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fmaster;p=thirdparty%2Flibsolv.git

tarhead: add a line size limit to catch broken entries

Also write back the allocated line length.
---

diff --git a/ext/tarhead.c b/ext/tarhead.c
index e229b43d..f98db2b9 100644
--- a/ext/tarhead.c
+++ b/ext/tarhead.c
@@ -12,6 +12,8 @@
 #include "util.h"
 #include "tarhead.h"
 
+#define MAX_LINE_SIZE 0x1000000
+
 static long long parsenum(unsigned char *p, int cnt)
 {
   long long x = 0;
@@ -232,7 +234,14 @@ size_t tarhead_gets(struct tarhead *th, char **linep , size_t *allocsizep)
       size_t fsize = lsize - size;
       if (fsize < 2)
 	{
+	  if (lsize >= MAX_LINE_SIZE)
+	    {
+	      th->eof = 1;
+	      return 0;
+	    }
 	  line = *linep = solv_realloc(line, lsize += 1024);
+	  if (allocsizep)
+	    *allocsizep = lsize;
 	  fsize = lsize - size;
 	}
       for (i = th->off; i < th->end && fsize > 1;)