WARC reader: skip whitespace and check for first digit in _warc_rdlen() Fixes possible heap-buffer-overflow. Reported-By: OSS-Fuzz issue 552

commit: 4f5a7af80831cedaa25eb23b054768dbfebaabb0 [log] [tgz]
author: Martin Matuska <martin@matuska.org> Mon Feb 06 03:07:33 2017 +0100
committer: Martin Matuska <martin@matuska.org> Mon Feb 06 03:07:33 2017 +0100
tree: e8b23a84408ab60981669975d5e653f6260b69fc
parent: 9553a3a0e453dbc68ac9ec11dfe43c538ecd7c06 [diff]
diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c
index 3f15098..5e22438 100644
--- a/libarchive/archive_read_support_format_warc.c
+++ b/libarchive/archive_read_support_format_warc.c

@@ -730,7 +730,12 @@
 		return -1;
 	}
 
-	/* strtol kindly overreads whitespace for us, so use that */
+	/* skip leading whitespace */
+	while (val < eol && isblank(*val))
+		val++;
+	/* there must be at least one digit */
+	if (!isdigit(*val))
+		return -1;
 	len = strtol(val, &on, 10);
 	if (on != eol) {
 		/* line must end here */
commit	4f5a7af80831cedaa25eb23b054768dbfebaabb0	[log] [tgz]
author	Martin Matuska <martin@matuska.org>	Mon Feb 06 03:07:33 2017 +0100
committer	Martin Matuska <martin@matuska.org>	Mon Feb 06 03:07:33 2017 +0100
tree	e8b23a84408ab60981669975d5e653f6260b69fc
parent	9553a3a0e453dbc68ac9ec11dfe43c538ecd7c06 [diff]