authorPatrick McDermott <patrick.mcdermott@libiquity.com>2023-07-30 23:07:58 (EDT)
committer Patrick McDermott <patrick.mcdermott@libiquity.com>2023-07-30 23:07:58 (EDT)
commit4ecfc85985f29bda41fddd20eb8bf232447f3b6d (patch)
treeabef5f0ee48a28483fcfbb494c180ad355af9b2f
parent54207c7bf2cea3834a081332900c25b8073a6c72 (diff)
opk/read: Prevent buffer overflow with long names
Can be triggered by control files with GNU long names, because the path buffer into which the file name is copied is a fixed size. 100000000th commit!
-rw-r--r--opkg-opk/opk/read.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/opkg-opk/opk/read.c b/opkg-opk/opk/read.c
index 7f5b3dd..164a3fc 100644
--- a/opkg-opk/opk/read.c
+++ b/opkg-opk/opk/read.c
@@ -202,6 +202,15 @@ _opkg_opk_opk_read_control(struct opkg_opk_opk *opk)
# pragma GCC diagnostic ignored \
"-Wanalyzer-use-of-uninitialized-value"
# endif
+ /* Guard against buffer overflow. */
+ if (strlen(member->name) >= OPKG_OPK_USTAR_NAME_SIZE) {
+ opkg_opk_error(_("Control files with long "
+ "names not supported"));
+ opkg_opk_ustar_member_free(member);
+ _opkg_opk_opk_read_free_inner(opk);
+ free(path);
+ return OPKG_OPK_ERROR;
+ }
if (sprintf(path, "%s/%s", opk->control_dir,
member->name) <= 0) {
opkg_opk_ustar_member_free(member);
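Review bot: The new length check on `member->name` only prevents the overflow if `path` was allocated with at least `strlen(opk->control_dir) + 1 + OPKG_OPK_USTAR_NAME_SIZE` bytes, and that allocation is outside this hunk, so the invariant the guard relies on is implicit. The unbounded `sprintf(path, "%s/%s", ...)` right after it would be more robust as a bounded call that treats truncation as the same error, e.g. `n = snprintf(path, path_size, "%s/%s", opk->control_dir, member->name); if (n <= 0 || (size_t)n >= path_size) { ... }`, where `path_size` is a placeholder for whatever size the allocation actually uses. Because `member->name` comes from the archive being read, it is also worth confirming that names with `..` components or a leading `/` are rejected before the path is built; nothing in the visible lines does so. The body of `_opkg_opk_opk_read_control` starts and ends outside the hunk.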