-rw-r--r--opkg-opk/opk/read.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/opkg-opk/opk/read.c b/opkg-opk/opk/read.c
index 7f5b3dd..164a3fc 100644
--- a/opkg-opk/opk/read.c
+++ b/opkg-opk/opk/read.c
@@ -202,6 +202,15 @@ _opkg_opk_opk_read_control(struct opkg_opk_opk *opk)
# pragma GCC diagnostic ignored \
"-Wanalyzer-use-of-uninitialized-value"
# endif
+ /* Guard against buffer overflow. */
+ if (strlen(member->name) >= OPKG_OPK_USTAR_NAME_SIZE) {
+ opkg_opk_error(_("Control files with long "
+ "names not supported"));
+ opkg_opk_ustar_member_free(member);
+ _opkg_opk_opk_read_free_inner(opk);
+ free(path);
+ return OPKG_OPK_ERROR;
+ }
if (sprintf(path, "%s/%s", opk->control_dir,
member->name) <= 0) {
opkg_opk_ustar_member_free(member);
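Review bot: The added guard compares `strlen(member->name)` with `OPKG_OPK_USTAR_NAME_SIZE`, but nothing in the hunk ties that constant to the size of `path`, so the unbounded `sprintf` below it is safe only if the allocation (outside the hunk) reserves that much room after `opk->control_dir` plus the separator. Bounding the write by the buffer itself would remove that coupling: `n = snprintf(path, path_size, "%s/%s", opk->control_dir, member->name);` followed by `if (n <= 0 || (size_t)n >= path_size) {`, where `path_size` is a placeholder for whatever size `path` was allocated with. Since `member->name` comes from the archive, it would also be worth confirming that names containing `/` or `..` components are rejected before this join; that check may already exist earlier in the function, which starts and ends outside the hunk.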