author | Patrick McDermott <patrick.mcdermott@libiquity.com> | 2023-07-30 23:07:58 (EDT) |
---|---|---|
committer | Patrick McDermott <patrick.mcdermott@libiquity.com> | 2023-07-30 23:07:58 (EDT) |
commit | 4ecfc85985f29bda41fddd20eb8bf232447f3b6d (patch) | |
tree | abef5f0ee48a28483fcfbb494c180ad355af9b2f | |
parent | 54207c7bf2cea3834a081332900c25b8073a6c72 (diff) |
opk/read: Prevent buffer overflow with long names
Can be triggered by control files with GNU long names, because the path
buffer into which the file name is copied is a fixed size.
100000000th commit!
-rw-r--r-- | opkg-opk/opk/read.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/opkg-opk/opk/read.c b/opkg-opk/opk/read.c
index 7f5b3dd..164a3fc 100644
--- a/opkg-opk/opk/read.c
+++ b/opkg-opk/opk/read.c
@@ -202,6 +202,15 @@ _opkg_opk_opk_read_control(struct opkg_opk_opk *opk)
 # pragma GCC diagnostic ignored \
 "-Wanalyzer-use-of-uninitialized-value"
 # endif
+ /* Guard against buffer overflow. */
+ if (strlen(member->name) >= OPKG_OPK_USTAR_NAME_SIZE) {
+ opkg_opk_error(_("Control files with long "
+ "names not supported"));
+ opkg_opk_ustar_member_free(member);
+ _opkg_opk_opk_read_free_inner(opk);
+ free(path);
+ return OPKG_OPK_ERROR;
+ }
 if (sprintf(path, "%s/%s", opk->control_dir, member->name) <= 0) {
 opkg_opk_ustar_member_free(member); |
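Review bot: The new length check protects the `sprintf` into `path` only indirectly: the write itself is still unbounded, and the guard is sufficient only if `path` is allocated for the control directory plus `OPKG_OPK_USTAR_NAME_SIZE` bytes. That allocation is outside the hunk, so it could not be confirmed here. Bounding the write where it happens would keep the two from drifting apart: `n = snprintf(path, path_size, "%s/%s", opk->control_dir, member->name);` followed by `if (n < 0 || (size_t)n >= path_size) {`, where `n` is an `int` and `path_size` is a placeholder for the size `path` was allocated with. Nothing visible here rejects `/` or `..` components in `member->name` before it is joined to `opk->control_dir`; if no earlier code validates that, the check belongs next to this guard. The body of `_opkg_opk_opk_read_control` starts and ends outside the hunk.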