commit bca3fcca91cfb6ee64434776aa20209547816c17
Author: Elie Le Vaillant <eolie...@disroot.org>
AuthorDate: Sun Feb 11 09:26:14 2024 +0100
Commit: Roberto E. Vargas Caballero <k...@shike2.com>
CommitDate: Tue Mar 5 13:25:44 2024 +0100
tar: sanitize, chktar: leading spaces should be skipped over
Some tar archives (eg. ftp://ftp.gnu.org/gnu/shtool/shtool-2.0.8.tar.gz)
use leading spaces instead of leading zeroes for numeric fields.
Although it is not allowed by the ustar specification, most tar
implementations recognize it as correct. But since 3ef6d4e4, we
replace all spaces by NULs here, not just trailing ones, which leads to
recognizing such archives as malformed. This fixes it: we now skip
over leading spaces, allowing strtol(3) to read those numeric fields.
diff --git a/tar.c b/tar.c
index d3a9f3b..5f73c26 100644
--- a/tar.c
+++ b/tar.c
@@ -399,10 +399,12 @@ sanitize(struct header *h)
/* Numeric fields can be terminated with spaces instead of
* NULs as per the ustar specification. Patch all of them to
* use NULs so we can perform string operations on them. */
- for (i = 0; i < LEN(fields); i++)
- for (j = 0; j < fields[i].l; j++)
+ for (i = 0; i < LEN(fields); i++){
+ for (j = 0; j < fields[i].l && fields[i].f[j] == ' '; j++);
+ for (; j < fields[i].l; j++)
if (fields[i].f[j] == ' ')
fields[i].f[j] = '\0';
+ }
}
static void
@@ -421,7 +423,8 @@ chktar(struct header *h)
goto bad;
}
memcpy(tmp, h->chksum, sizeof(tmp));
- for (i = 0; i < sizeof(tmp); i++)
+ for (i = 0; i < sizeof(tmp), tmp[i] == ' '; i++);
+ for (; i < sizeof(tmp); i++)
if (tmp[i] == ' ')
tmp[i] = '\0';
s1 = strtol(tmp, &err, 8);
