Skip to content

Commit fed3712

Browse files
authored
Reject bad hex values in xar checksums (libarchive#2479)
Hex values should be A to F (and lower-case); if there's any other letters, reject them.
1 parent 1b6009d commit fed3712

1 file changed

Lines changed: 4 additions & 4 deletions

File tree

libarchive/archive_read_support_format_xar.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1110,17 +1110,17 @@ atohex(unsigned char *b, size_t bsize, const char *p, size_t psize)
11101110
while (bsize && psize > 1) {
11111111
unsigned char x;
11121112

1113-
if (p[0] >= 'a' && p[0] <= 'z')
1113+
if (p[0] >= 'a' && p[0] <= 'f')
11141114
x = (p[0] - 'a' + 0x0a) << 4;
1115-
else if (p[0] >= 'A' && p[0] <= 'Z')
1115+
else if (p[0] >= 'A' && p[0] <= 'F')
11161116
x = (p[0] - 'A' + 0x0a) << 4;
11171117
else if (p[0] >= '0' && p[0] <= '9')
11181118
x = (p[0] - '0') << 4;
11191119
else
11201120
return (-1);
1121-
if (p[1] >= 'a' && p[1] <= 'z')
1121+
if (p[1] >= 'a' && p[1] <= 'f')
11221122
x |= p[1] - 'a' + 0x0a;
1123-
else if (p[1] >= 'A' && p[1] <= 'Z')
1123+
else if (p[1] >= 'A' && p[1] <= 'F')
11241124
x |= p[1] - 'A' + 0x0a;
11251125
else if (p[1] >= '0' && p[1] <= '9')
11261126
x |= p[1] - '0';

0 commit comments

Comments
 (0)