mirrors/tar
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/tar.git synced 2026-04-28 20:27:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Avoid undefined behavior in magic checking

Browse Source 
* src/buffer.c (check_compressed_archive):
* src/list.c (read_header, decode_header):
Use memcmp, not strcmp, when looking for magic strings in
headers, since input headers are not guaranteed to be
strings and strcmp has undefined behavior otherwise.
This commit is contained in:
Paul Eggert
2025-07-26 00:27:01 -07:00
parent 75735940f1
commit c11084bcc2
2 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/buffer.c
View File

@@ -419,10 +419,11 @@ check_compressed_archive (bool *pshort)
read_full_records = sfr;
if (record_start != record_end /* no files smaller than BLOCKSIZE */
&& (strcmp (record_start->header.magic, TMAGIC) == 0
|| strcmp (record_start->buffer + offsetof (struct posix_header,
magic),
OLDGNU_MAGIC) == 0)
&& (memcmp (record_start->header.magic, TMAGIC, sizeof TMAGIC) == 0
|| (memcmp (record_start->buffer + offsetof (struct posix_header,
magic),
OLDGNU_MAGIC, sizeof OLDGNU_MAGIC)
== 0))
&& tar_checksum (record_start, true) == HEADER_SUCCESS)
/* Probably a valid header */
return ct_tar;