author | Patrick McDermott <patrick.mcdermott@libiquity.com> | 2023-04-17 13:30:40 (EDT) |
---|---|---|
committer | Patrick McDermott <patrick.mcdermott@libiquity.com> | 2023-04-17 14:34:36 (EDT) |
commit | 38c8dc91a43cbb8d7d08e92c5149929a12007840 (patch) | |
tree | ad0e2e55594da8435b2e7eb949162531c779472f /src | |
parent | 1aa6cc9fece03a928a17b54e4c56f477d089ca6f (diff) |
ustar: Verify header checksums
Diffstat (limited to 'src')
-rw-r--r-- | src/ustar.c | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/src/ustar.c b/src/ustar.c
index a4395f4..c183560 100644
--- a/src/ustar.c
+++ b/src/ustar.c
@@ -75,7 +75,11 @@ _opkg_opk_ustar_next(struct opkg_opk_ustar *ustar,
 struct _opkg_opk_ustar_header *header)
 {
 static unsigned char record[OPKG_OPK_USTAR_RECORD_SIZE];
- char *size_end;
+ char *end;
+ uint32_t chksum_got;
+ uint32_t chksum_exp;
+ int i;
+ unsigned char *header_uc;
 switch (opkg_opk_gzip_read(ustar->gzip, header)) {
 case OPKG_OPK_OK:
@@ -88,13 +92,31 @@ _opkg_opk_ustar_next(struct opkg_opk_ustar *ustar,
 if (memcmp(header, record, OPKG_OPK_USTAR_RECORD_SIZE) == 0) {
 return OPKG_OPK_END;
 }
+
 if (memcmp(header->magic, "ustar", strlen("ustar")) != 0) {
 return OPKG_OPK_ERROR;
 }
- ustar->data_size_remaining = strtol((char *) header->size, &size_end,
+ chksum_got = strtol((char *) header->chksum, &end,
+ OPKG_OPK_USTAR_NUM_BASE_);
+ chksum_exp = 0;
+ if (*end != '\0') {
+ return OPKG_OPK_ERROR;
+ }
+ for (i = 0; i < sizeof(header->chksum); ++i) {
+ header->chksum[i] = ' ';
+ }
+ header_uc = header;
+ for (i = 0; i < OPKG_OPK_USTAR_RECORD_SIZE; ++i) {
+ chksum_exp += header_uc[i];
+ }
+ if (chksum_got != chksum_exp) {
+ return OPKG_OPK_ERROR;
+ }
+
+ ustar->data_size_remaining = strtol((char *) header->size, &end,
 OPKG_OPK_USTAR_NUM_BASE_);
- if (*size_end != '\0') {
+ if (*end != '\0') {
 return OPKG_OPK_ERROR;
 }
|
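Review bot: `int i` declared in this hunk is compared with `sizeof(header->chksum)` in the loop added by the next hunk, so the comparison mixes a signed index with a `size_t` bound; `size_t i;` removes the conversion. The `unsigned char *header_uc` declared next to it is later assigned with `header_uc = header;`, an implicit conversion between incompatible pointer types that compilers diagnose and that GCC 14 and later reject by default. Writing `header_uc = (unsigned char *) header;` states the byte-wise view explicitly. The function body starts before and continues after this hunk.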
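Review bot: The `strtol()` call on `header->chksum` is not bounded by the size of that field, because the `*end != '\0'` test runs only after the parse has finished. A header whose checksum field holds digits with no terminator therefore lets the scan continue into the bytes that follow the field, and the existing parse of `header->size` has the same shape. Since the header comes from the archive being unpacked, the field should be copied into a local buffer one byte longer than the field, terminated there, and parsed from that copy. `strtol()` also accepts leading whitespace and a sign, which a digit-only parser would reject. The enclosing function starts and ends outside the hunk.

```c
	char chksum_str[sizeof(header->chksum) + 1];

	/* … unchanged: record read, end-of-archive and magic checks … */

	memcpy(chksum_str, header->chksum, sizeof(header->chksum));
	chksum_str[sizeof(header->chksum)] = '\0';
	chksum_got = strtol(chksum_str, &end, OPKG_OPK_USTAR_NUM_BASE_);
	if (*end != '\0') {
		return OPKG_OPK_ERROR;
	}
	/* … unchanged: blank the field, sum the record, compare … */
```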