From 5be2fa91e5e6981a467ae349864e8b3a4ce251a6 Mon Sep 17 00:00:00 2001
From: Tim Kientzle <kientzle@acm.org>
Date: Mon, 30 Dec 2013 09:43:25 -0800
Subject: [PATCH] Be stricter about the checksum field; reduce false-positives
 on the bid

---
 libarchive/archive_read_support_format_tar.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libarchive/archive_read_support_format_tar.c b/libarchive/archive_read_support_format_tar.c
index f491639f8..b39298a10 100644
--- a/libarchive/archive_read_support_format_tar.c
+++ b/libarchive/archive_read_support_format_tar.c
@@ -798,6 +798,13 @@ checksum(struct archive_read *a, const void *h)
 	bytes = (const unsigned char *)h;
 	header = (const struct archive_entry_header_ustar *)h;
 
+	/* Checksum field must hold an octal number */
+	for (i = 0; i < sizeof(header->checksum); ++i) {
+		char c = header->checksum[i];
+		if (c != ' ' && c != '\0' && (c < '0' || c > '7'))
+			return 0;
+	}
+
 	/*
 	 * Test the checksum.  Note that POSIX specifies _unsigned_
 	 * bytes for this calculation.
-- 
2.47.2