xar: Fix another infinite loop and expat error handling (#2150)

Fixes two issues: - expat code keeps track of error conditions - adding link=original multiple times is prohibited
libarchive · Apr 28, 2024 · b910cb7 · b910cb7
1 parent 9951b9c
commit b910cb7
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
@@ -2055,9 +2055,10 @@ xml_start(struct archive_read *a, const char *name, struct xmlattr_list *list)
 			    attr = attr->next) {
 				if (strcmp(attr->name, "link") != 0)
 					continue;
-				if (xar->file->hdnext != NULL || xar->file->link != 0) {
+				if (xar->file->hdnext != NULL || xar->file->link != 0 ||
+				    xar->file == xar->hdlink_orgs) {
 					archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
-					    "File with multiple link targets");
+					    "File with multiple link attributes");
 					return (ARCHIVE_FATAL);
 				}
 				if (strcmp(attr->value, "original") == 0) {
@@ -3256,6 +3257,9 @@ expat_start_cb(void *userData, const XML_Char *name, const XML_Char **atts)
 	struct xmlattr_list list;
 	int r;
 
+	if (ud->state != ARCHIVE_OK)
+		return;
+
 	r = expat_xmlattr_setup(a, &list, atts);
 	if (r == ARCHIVE_OK)
 		r = xml_start(a, (const char *)name, &list);

diff --git a/libarchive/test/test_read_format_xar_doublelink.c b/libarchive/test/test_read_format_xar_doublelink.c
@@ -47,7 +47,7 @@ DEFINE_TEST(test_read_format_xar_doublelink)
 
 	assertA(ARCHIVE_FATAL == archive_read_next_header(a, &ae));
 	assertEqualString(archive_error_string(a),
-		"File with multiple link targets");
+		"File with multiple link attributes");
 	assert(archive_errno(a) != 0);
 
 	assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));