head	1.2;
access;
symbols
	RELEASE_8_3_0:1.2
	RELEASE_9_0_0:1.2
	RELEASE_7_4_0:1.2
	RELEASE_8_2_0:1.2
	RELEASE_6_EOL:1.2
	RELEASE_8_1_0:1.2
	RELEASE_7_3_0:1.2
	RELEASE_8_0_0:1.2
	RELEASE_7_2_0:1.2
	RELEASE_7_1_0:1.2
	RELEASE_6_4_0:1.2
	RELEASE_5_EOL:1.2
	RELEASE_7_0_0:1.2
	RELEASE_6_3_0:1.2
	PRE_XORG_7:1.2
	RELEASE_4_EOL:1.2
	RELEASE_6_2_0:1.2
	RELEASE_6_1_0:1.2
	RELEASE_5_5_0:1.2
	RELEASE_6_0_0:1.2
	RELEASE_5_4_0:1.2
	RELEASE_4_11_0:1.2
	RELEASE_5_3_0:1.2
	RELEASE_4_10_0:1.2
	RELEASE_5_2_1:1.2
	RELEASE_5_2_0:1.2
	RELEASE_4_9_0:1.2
	RELEASE_5_1_0:1.2
	RELEASE_4_8_0:1.2
	RELEASE_5_0_0:1.2
	RELEASE_4_7_0:1.2
	RELEASE_4_6_2:1.2
	RELEASE_4_6_1:1.2
	RELEASE_4_6_0:1.2
	RELEASE_5_0_DP1:1.2
	RELEASE_4_5_0:1.2
	RELEASE_4_4_0:1.2
	RELEASE_4_3_0:1.1
	RELEASE_4_2_0:1.1
	RELEASE_4_1_1:1.1
	RELEASE_4_1_0:1.1
	RELEASE_3_5_0:1.1
	RELEASE_4_0_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2001.08.11.18.19.11;	author ache;	state Exp;
branches;
next	1.1;

1.1
date	2000.03.05.09.27.27;	author kris;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Protect against bad entry size in header
@
text
@--- arcio.c.orig	Wed Apr 15 02:58:26 1992
+++ arcio.c	Sat Aug 11 22:10:55 2001
@@@@ -46,7 +46,7 @@@@
 		return 0;	/* then signal end of archive */
 
 	if (hdrver != ARCMARK) {	/* check archive validity */
-		if (warn) {
+		if (arcwarn) {
 			printf("An entry in %s has a bad header.\n", arcname);
 			nerrs++;
 		}
@@@@ -63,10 +63,10 @@@@
 		if (feof(f) && first)
 			arcdie("%s is not an archive", arcname);
 
-		if (changing && warn)
+		if (changing && arcwarn)
 			arcdie("%s is corrupted -- changes disallowed", arcname);
 
-		if (warn)
+		if (arcwarn)
 			printf("  %d bytes skipped.\n", try);
 
 		if (feof(f))
@@@@ -110,7 +110,8 @@@@
 	hdr->crc = (short) ((dummy[22] << 8) + dummy[21]);
 	for (i = 0, hdr->length=0; i<4; hdr->length<<=8, hdr->length += dummy[26-i], i++);
 #endif
-
+	if (hdr->size < 0)
+		arcdie("Invalid header in archive %s", arcname);
 	if (hdr->date > olddate
 	    || (hdr->date == olddate && hdr->time > oldtime)) {
 		olddate = hdr->date;
@


1.1
log
@From OpenBSD: generate tempfiles securely with mkstemps()

Approved by:	Maintainer
@
text
@d1 2
a2 2
--- ./arcio.c.orig	Tue Aug 10 23:03:25 1999
+++ ./arcio.c	Tue Aug 10 23:01:56 1999
d25 10
@

