From 4ecfc85985f29bda41fddd20eb8bf232447f3b6d Mon Sep 17 00:00:00 2001
From: Patrick McDermott <patrick.mcdermott@libiquity.com>
Date: Sun, 30 Jul 2023 23:07:58 -0400
Subject: opk/read: Prevent buffer overflow with long names

Can be triggered by control files with GNU long names, because the path
buffer into which the file name is copied is a fixed size.

100000000th commit!
---
diff --git a/opkg-opk/opk/read.c b/opkg-opk/opk/read.c
index 7f5b3dd..164a3fc 100644
--- a/opkg-opk/opk/read.c
+++ b/opkg-opk/opk/read.c
@@ -202,6 +202,15 @@ _opkg_opk_opk_read_control(struct opkg_opk_opk *opk)
 #				pragma GCC diagnostic ignored \
 					"-Wanalyzer-use-of-uninitialized-value"
 #			endif
+			/* Guard against buffer overflow. */
+			if (strlen(member->name) >= OPKG_OPK_USTAR_NAME_SIZE) {
+				opkg_opk_error(_("Control files with long "
+							"names not supported"));
+				opkg_opk_ustar_member_free(member);
+				_opkg_opk_opk_read_free_inner(opk);
+				free(path);
+				return OPKG_OPK_ERROR;
+			}
 			if (sprintf(path, "%s/%s", opk->control_dir,
 						member->name) <= 0) {
 				opkg_opk_ustar_member_free(member);
--
cgit v0.9.1