opk/read: Prevent buffer overflow with long names

Can be triggered by control files with GNU long names, because the path buffer into which the file name is copied is a fixed size. 100000000th commit!
author: Patrick McDermott <patrick.mcdermott@libiquity.com> 2023-07-30 23:07:58 (EDT)
committer: Patrick McDermott <patrick.mcdermott@libiquity.com> 2023-07-30 23:07:58 (EDT)
commit: 4ecfc85985f29bda41fddd20eb8bf232447f3b6d (patch)
tree: abef5f0ee48a28483fcfbb494c180ad355af9b2f
parent: 54207c7bf2cea3834a081332900c25b8073a6c72 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/opkg-opk/opk/read.c b/opkg-opk/opk/read.c
index 7f5b3dd..164a3fc 100644
--- a/opkg-opk/opk/read.c
+++ b/opkg-opk/opk/read.c
@@ -202,6 +202,15 @@ _opkg_opk_opk_read_control(struct opkg_opk_opk *opk)
 #				pragma GCC diagnostic ignored \
 					"-Wanalyzer-use-of-uninitialized-value"
 #			endif
+			/* Guard against buffer overflow. */
+			if (strlen(member->name) >= OPKG_OPK_USTAR_NAME_SIZE) {
+				opkg_opk_error(_("Control files with long "
+							"names not supported"));
+				opkg_opk_ustar_member_free(member);
+				_opkg_opk_opk_read_free_inner(opk);
+				free(path);
+				return OPKG_OPK_ERROR;
+			}
 			if (sprintf(path, "%s/%s", opk->control_dir,
 						member->name) <= 0) {
 				opkg_opk_ustar_member_free(member);
author	Patrick McDermott <patrick.mcdermott@libiquity.com>	2023-07-30 23:07:58 (EDT)
committer	Patrick McDermott <patrick.mcdermott@libiquity.com>	2023-07-30 23:07:58 (EDT)
commit	4ecfc85985f29bda41fddd20eb8bf232447f3b6d (patch)
tree	abef5f0ee48a28483fcfbb494c180ad355af9b2f
parent	54207c7bf2cea3834a081332900c25b8073a6c72 (diff)