From 8128ad8c79321782a7238a8ea7ffede41136a419 Mon Sep 17 00:00:00 2001
From: Chris Frey
Date: Thu, 10 Oct 2013 19:55:06 -0400
Subject: [PATCH] Added commentary on T_BLOCKSIZE, ssize_t, and int size risks

Thanks to Chris Palmer.

---
 lib/block.c | 11 +++++++++++
 lib/libtar.h | 1 +
 2 files changed, 12 insertions(+)

diff --git a/lib/block.c b/lib/block.c
index 092bc28..30a8387 100644
--- a/lib/block.c
+++ b/lib/block.c
@@ -24,6 +24,17 @@
 /* read a header block */
+/* FIXME: the return value of this function should match the return value of tar_block_read(), which is a macro which references a prototype that returns a ssize_t. So far, this is safe, since tar_block_read() only ever reads 512 (T_BLOCKSIZE) bytes at a time, so any difference in size of ssize_t and int is of negligible risk. BUT, if T_BLOCKSIZE ever changes, or ever becomes a variable parameter controllable by the user, all the code that calls it, including this function and all code that calls it, should be fixed for security reasons. Thanks to Chris Palmer for the critique.
+*/
 int th_read_internal(TAR *t) {
diff --git a/lib/libtar.h b/lib/libtar.h
index 55f509a..3b46a13 100644
--- a/lib/libtar.h
+++ b/lib/libtar.h
@@ -26,6 +26,7 @@ extern "C"
 /* useful constants */
+/* see FIXME note in block.c regarding T_BLOCKSIZE */
 #define T_BLOCKSIZE 512
 #define T_NAMELEN 100
 #define T_PREFIXLEN 155
--
2.11.4.GIT
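Review bot: The FIXME added above th_read_internal in lib/block.c states a condition the build could enforce instead of leaving it to a future reader: T_BLOCKSIZE must stay small enough that the ssize_t result of tar_block_read() survives narrowing to this function's int return, so the comment ought to be backed by a preprocessor guard beside it, `#if T_BLOCKSIZE > INT_MAX`, `#error "T_BLOCKSIZE no longer fits in an int; fix the callers of tar_block_read()"`, `#endif` (this needs <limits.h>, which I cannot see included from this hunk). That turns the "if T_BLOCKSIZE ever changes" warning into a hard error at the moment someone edits the `#define T_BLOCKSIZE 512` in the lib/libtar.h hunk, which is exactly where the second hunk's note sends readers; the same guard, or a pointer to it, belongs there too. The body of th_read_internal lies outside the hunk, so whether its own comparisons against the read result are already width-safe cannot be judged here, and the narrowing would in any case be reported by a -Wconversion build rather than silently accepted.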