Skip to content

Commit 3014e19

Browse files
committed
Issue 711: Be more careful about verifying filename lengths when writing ISO9660 archives
* Don't cast size_t to int, since this can lead to overflow on machines where sizeof(int) < sizeof(size_t) * Check a + b > limit by writing it as a > limit || b > limit || a + b > limit to avoid problems when a + b wraps around.
1 parent 7bb6d70 commit 3014e19

File tree

1 file changed

+10
-8
lines changed

1 file changed

+10
-8
lines changed

Diff for: libarchive/archive_write_set_format_iso9660.c

+10-8
Original file line numberDiff line numberDiff line change
@@ -6225,7 +6225,7 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent,
62256225
unsigned char *p;
62266226
size_t l;
62276227
int r;
6228-
int ffmax, parent_len;
6228+
size_t ffmax, parent_len;
62296229
static const struct archive_rb_tree_ops rb_ops = {
62306230
isoent_cmp_node_joliet, isoent_cmp_key_joliet
62316231
};
@@ -6239,7 +6239,7 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent,
62396239
else
62406240
ffmax = 128;
62416241

6242-
r = idr_start(a, idr, isoent->children.cnt, ffmax, 6, 2, &rb_ops);
6242+
r = idr_start(a, idr, isoent->children.cnt, (int)ffmax, 6, 2, &rb_ops);
62436243
if (r < 0)
62446244
return (r);
62456245

@@ -6252,7 +6252,7 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent,
62526252
int ext_off, noff, weight;
62536253
size_t lt;
62546254

6255-
if ((int)(l = np->file->basename_utf16.length) > ffmax)
6255+
if ((l = np->file->basename_utf16.length) > ffmax)
62566256
l = ffmax;
62576257

62586258
p = malloc((l+1)*2);
@@ -6285,7 +6285,7 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent,
62856285
/*
62866286
* Get a length of MBS of a full-pathname.
62876287
*/
6288-
if ((int)np->file->basename_utf16.length > ffmax) {
6288+
if (np->file->basename_utf16.length > ffmax) {
62896289
if (archive_strncpy_l(&iso9660->mbs,
62906290
(const char *)np->identifier, l,
62916291
iso9660->sconv_from_utf16be) != 0 &&
@@ -6302,7 +6302,9 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent,
63026302

63036303
/* If a length of full-pathname is longer than 240 bytes,
63046304
* it violates Joliet extensions regulation. */
6305-
if (parent_len + np->mb_len > 240) {
6305+
if (parent_len > 240
6306+
|| np->mb_len > 240
6307+
|| parent_len + np->mb_len > 240) {
63066308
archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
63076309
"The regulation of Joliet extensions;"
63086310
" A length of a full-pathname of `%s' is "
@@ -6314,11 +6316,11 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent,
63146316

63156317
/* Make an offset of the number which is used to be set
63166318
* hexadecimal number to avoid duplicate identifier. */
6317-
if ((int)l == ffmax)
6319+
if (l == ffmax)
63186320
noff = ext_off - 6;
6319-
else if ((int)l == ffmax-2)
6321+
else if (l == ffmax-2)
63206322
noff = ext_off - 4;
6321-
else if ((int)l == ffmax-4)
6323+
else if (l == ffmax-4)
63226324
noff = ext_off - 2;
63236325
else
63246326
noff = ext_off;

0 commit comments

Comments
 (0)