From 292d6878fa3e7fd2ab0f7275a78190639ad116d4 Mon Sep 17 00:00:00 2001
From: Steven Morgan
Date: Fri, 27 Oct 2017 16:03:29 -0400
Subject: [PATCH] bb11946 - check that tar checksum is within bounds. Patch supplied by Suleman Ali.
---
 libclamav/untar.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/libclamav/untar.c b/libclamav/untar.c
index 3f72cec89..dcdf966fe 100644
--- a/libclamav/untar.c
+++ b/libclamav/untar.c
@@ -182,6 +182,9 @@ cli_untar(const char *dir, unsigned int posix, cli_ctx *ctx)
 if((ret=cli_checklimits("cli_untar", ctx, 0, 0, 0))!=CL_CLEAN)
 return ret;
 
+ if (nread < TARCHECKSUMOFFSET + TARCHECKSUMLEN)
+ return ret;
+
 checksum = getchecksum(block);
 cli_dbgmsg("cli_untar: Candidate checksum = %d, [%o in octal]\n", checksum, checksum);
 if(testchecksum(block, checksum) != 0) {
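Review bot: The new guard exits with `return ret;`, but `ret` can only be CL_CLEAN at that point because the `cli_checklimits` test just above already returned on any other value, so a header block too short to hold the checksum field ends the scan as clean with no trace in the debug log. Writing the result explicitly and logging it, e.g. `cli_dbgmsg("cli_untar: block too short for checksum field\n"); return CL_CLEAN;` inside braces, would make that decision visible; whether a truncated header should instead be reported as a format error is a policy choice worth stating in a comment there. The guard covers only the bytes `getchecksum` reads, while `testchecksum(block, checksum)` and the later header parsing are defined outside the hunk, so it is worth confirming they do not consume bytes beyond `nread` either. The enclosing `cli_untar` body starts and ends outside the hunk.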