[klibc] cpio: Fix possible integer overflow on 32-bit systems
The maximum name and file sizes in the "new" header format are 32-bit unsigned values. However, the I/O functions mostly use long for sizes and offsets, so that sizes >= 2^31 are handled wrongly on 32-bit systems.
The current GNU cpio code doesn't seem to have this problem, but the divergence between this version and that is large enough that I can't simply cherry-pick a fix for it.
As a short-term fix, in read_in_new_ascii(), fail if c_namesize or c_filesize is > LONG_MAX.
CVE-2021-31872
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>