From c291b7914e1db9469cc820abcb1f5dde7a6f7f28 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= <des@FreeBSD.org>
Date: Wed, 6 Mar 2024 17:13:54 +0100
Subject: [PATCH] tarfs: Avoid overflow in exthdr calculation.

MFC after:	3 days
PR:		277420
Sponsored by:	Juniper Networks, Inc.
Sponsored by:	Klara, Inc.
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D44202
---
 sys/fs/tarfs/tarfs_vfsops.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sys/fs/tarfs/tarfs_vfsops.c b/sys/fs/tarfs/tarfs_vfsops.c
index df8ad240d03..05014bf1037 100644
--- a/sys/fs/tarfs/tarfs_vfsops.c
+++ b/sys/fs/tarfs/tarfs_vfsops.c
@@ -583,7 +583,8 @@ again:
 				error = EINVAL;
 				goto bad;
 			}
-			if (line + len > exthdr + sz) {
+			if ((uintptr_t)line + len < (uintptr_t)line ||
+			    line + len > exthdr + sz) {
 				TARFS_DPF(ALLOC, "%s: exthdr overflow\n",
 				    __func__);
 				error = EINVAL;