$OpenBSD: patch-src_header_c,v 1.3 2016/01/27 13:36:35 jasper Exp $

Security fix for CVE-2016-1925
http://seclists.org/oss-sec/2016/q1/132
https://osdn.jp/projects/lha/scm/git/lha/commits/bf2471f

--- src/header.c.orig	Wed Jan 27 14:31:45 2016
+++ src/header.c	Wed Jan 27 14:34:05 2016
@@ -688,6 +688,7 @@ get_header_level0(fp, hdr, data)
     char *data;
 {
     size_t header_size;
+    ssize_t remain_size;
     ssize_t extend_size;
     int checksum;
     int name_length;
@@ -697,9 +698,15 @@ get_header_level0(fp, hdr, data)
     hdr->header_size = header_size = get_byte();
     checksum = get_byte();
 
-    if (fread(data + COMMON_HEADER_SIZE,
-              header_size + 2 - COMMON_HEADER_SIZE, 1, fp) == 0) {
-        error("Invalid header (LHarc file ?)");
+    /* The data variable has been already read as COMMON_HEADER_SIZE bytes.
+       So we must read the remaining header size by the header_size. */
+    remain_size = header_size + 2 - COMMON_HEADER_SIZE;
+    if (remain_size <= 0) {
+      error("Invalid header size (LHarc file ?)");
+      return FALSE;
+    }
+    if (fread(data + COMMON_HEADER_SIZE, remain_size, 1, fp) == 0) {
+    	error("Invalid header (LHarc file ?)");
         return FALSE;   /* finish */
     }
 
@@ -804,6 +811,7 @@ get_header_level1(fp, hdr, data)
     char *data;
 {
     size_t header_size;
+    ssize_t remain_size;
     ssize_t extend_size;
     int checksum;
     int name_length;
@@ -813,9 +821,15 @@ get_header_level1(fp, hdr, data)
     hdr->header_size = header_size = get_byte();
     checksum = get_byte();
 
-    if (fread(data + COMMON_HEADER_SIZE,
-              header_size + 2 - COMMON_HEADER_SIZE, 1, fp) == 0) {
-        error("Invalid header (LHarc file ?)");
+    /* The data variable has been already read as COMMON_HEADER_SIZE bytes.
+       So we must read the remaining header size by the header_size. */
+    remain_size = header_size + 2 - COMMON_HEADER_SIZE;
+    if (remain_size <= 0) {
+        error("Invalid header size (LHarc file ?)");
+        return FALSE;
+    }
+    if (fread(data + COMMON_HEADER_SIZE, remain_size, 1, fp) == 0) {
+    	error("Invalid header (LHarc file ?)");
         return FALSE;   /* finish */
     }
 
