tar: sanitize, chktar: leading spaces should be skipped over

Some tar archives (eg. ftp://ftp.gnu.org/gnu/shtool/shtool-2.0.8.tar.gz) use leading spaces instead of leading zeroes for numeric fields. Although it is not allowed by the ustar specification, most tar implementations recognize it as correct. But since 3ef6d4e4, we replace all spaces by NULs here, not just trailing ones, which leads to recognizing such archives as malformed. This fixes it: we now skip over leading spaces, allowing strtol(3) to read those numeric fields.
2024-02-11 09:26:14 +01:00 · 2024-02-11 09:26:14 +01:00 · bca3fcca91
parent d335c366f7
commit bca3fcca91
1 changed files with 6 additions and 3 deletions
--- a/tar.c
+++ b/tar.c
@ -399,10 +399,12 @@ sanitize(struct header *h)
 	/* Numeric fields can be terminated with spaces instead of
 	 * NULs as per the ustar specification.  Patch all of them to
 	 * use NULs so we can perform string operations on them. */
-	for (i = 0; i < LEN(fields); i++)
-		for (j = 0; j < fields[i].l; j++)
+	for (i = 0; i < LEN(fields); i++){
+		for (j = 0; j < fields[i].l && fields[i].f[j] == ' '; j++);
+		for (; j < fields[i].l; j++)
 			if (fields[i].f[j] == ' ')
 				fields[i].f[j] = '\0';
+	}
 }

 static void
@ -421,7 +423,8 @@ chktar(struct header *h)
 		goto bad;
 	}
 	memcpy(tmp, h->chksum, sizeof(tmp));
-	for (i = 0; i < sizeof(tmp); i++)
+	for (i = 0; i < sizeof(tmp), tmp[i] == ' '; i++);
+	for (; i < sizeof(tmp); i++)
 		if (tmp[i] == ' ')
 			tmp[i] = '\0';
 	s1 = strtol(tmp, &err, 8);