diff options
author | Grzegorz Antoniak <ga@anadoxin.org> | 2020-02-02 08:04:41 +0100 |
---|---|---|
committer | Grzegorz Antoniak <ga@anadoxin.org> | 2020-02-02 08:04:41 +0100 |
commit | 94821008d6eea81e315c5881cdf739202961040a (patch) | |
tree | 7567c3ed78920b0e9738806dc25464e503c1ad6b /Makefile.am | |
parent | 449d6c5faea3ee9b99fe4bcf3873470c7834187f (diff) | |
download | libarchive-94821008d6eea81e315c5881cdf739202961040a.tar.gz |
RAR5 reader: reject files that declare invalid header flags
One of the fields in RAR5's base block structure is the size of the
header. Some invalid files declare a 0 header size setting, which can
confuse the unpacker. Minimum header size for RAR5 base blocks is 7
bytes (4 bytes for CRC, and 3 bytes for the rest), so block size of 0
bytes should be rejected at header parsing stage.
The fix adds an error condition if header size of 0 bytes is detected.
In this case, the unpacker will not attempt to unpack the file, as the
header is corrupted.
The commit also adds OSSFuzz #20459 sample to test further regressions
in this area.
Diffstat (limited to 'Makefile.am')
-rw-r--r-- | Makefile.am | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am index 06c26442..c65e2437 100644 --- a/Makefile.am +++ b/Makefile.am @@ -877,6 +877,7 @@ libarchive_test_EXTRA_DIST=\ libarchive/test/test_read_format_rar5_win32.rar.uu \ libarchive/test/test_read_format_rar5_arm_filter_on_window_boundary.rar.uu \ libarchive/test/test_read_format_rar5_different_winsize_on_merge.rar.uu \ + libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \ libarchive/test/test_read_format_raw.bufr.uu \ libarchive/test/test_read_format_raw.data.gz.uu \ libarchive/test/test_read_format_raw.data.Z.uu \ |