oss-sec mailing list archives
Re: Integer overflow in libtar (<= 1.2.19)
From: Chris Palmer <snackypants () gmail com>
Date: Wed, 9 Oct 2013 22:43:47 -0700
On Wed, Oct 9, 2013 at 9:36 PM, Huzaifa Sidhpurwala <huzaifas () redhat com> wrote:
http://repo.or.cz/w/libtar.git/commit/45448e8bae671c2f7e80b860ae0fc0cedf2bdc04
I haven't read all the ultimate callees, but it might be that some internal/external APIs should change too. If these:

    /* macros for reading/writing tarchive blocks */
    #define tar_block_read(t, buf) \
        (*((t)->type->readfunc))((t)->fd, (char *)(buf), T_BLOCKSIZE)
    #define tar_block_write(t, buf) \
        (*((t)->type->writefunc))((t)->fd, (char *)(buf), T_BLOCKSIZE)

boil down to functions that implement the same interface as read(2) and write(2), and it sure seems like it, then the |int i| in this:

int th_read(TAR *t) { - int i, j; - size_t sz; + int i; + size_t sz, j, blocks; char *ptr;

— and the callees, and their declared interfaces — should use ssize_t, not int.
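
Review bot: In the declarations at the top of th_read(), i stays int while sz, j and blocks become size_t, so any comparison or arithmetic that mixes i with them converts i to unsigned, and a negative value in i then reads as a very large one. If i holds the result of tar_block_read(), declare it ssize_t and test it for a negative value before it meets any of the size_t variables. The new blocks variable is also introduced without a comment; a one-line note on what it counts and what bounds it would help the next reader.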