From 7fff5e5955591ada15f4633a31932dc9d6c8086d Mon Sep 17 00:00:00 2001 From: Patrick McDermott Date: Thu, 13 Apr 2023 02:06:22 -0400 Subject: ustar: Verify magic --- (limited to 'src') diff --git a/src/ustar.c b/src/ustar.c index 6388d76..63998ec 100644 --- a/src/ustar.c +++ b/src/ustar.c @@ -20,6 +20,7 @@ #include #include #include +#include #include "defs.h" #include "gzip.h" #include "ustar.h" @@ -62,6 +63,10 @@ _opkg_opk_ustar_next(struct opkg_opk_gzip_state *gzip_state, const char *member, case OPKG_OPK_ERROR: return OPKG_OPK_ERROR; } + if (strncmp(header->magic, "ustar", strlen("ustar")) != 0) { + return OPKG_OPK_ERROR; + } + size = strtol(header->size, &size_end, 10); if (*size_end != '\0') { return OPKG_OPK_ERROR; -- cgit v0.9.1