From 81777847f4e745f75504ae1767d49f0711e56b1b Mon Sep 17 00:00:00 2001 From: ticktock35 Date: Tue, 03 Mar 2009 19:59:35 -0500 Subject: Thanks to Krzysztof Kotlenga : Frans Meulenbroeks wrote: > Anyway, appending the 0 byte is no good as tar_entry->name[100] is > already out of bounds. http://tiny.cc/964UD looks good enough. It's interesting that we have to trace bugs already fixed upstream years ago. http://lists.linuxtogo.org/pipermail/openembedded-devel/2009-March/008510.html git-svn-id: http://opkg.googlecode.com/svn/trunk@203 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358 --- diff --git a/libbb/unarchive.c b/libbb/unarchive.c index 24877e7..84a3b6a 100644 --- a/libbb/unarchive.c +++ b/libbb/unarchive.c @@ -600,15 +600,15 @@ file_header_t *get_header_tar(FILE *tar_stream) linkname = NULL; } else #endif - if (tar.formated.prefix[0] == 0) { - tar_entry->name = strdup(tar.formated.name); - } else { - tar_entry->name = concat_path_file(tar.formated.prefix, tar.formated.name); - } + { + tar_entry->name = xstrndup(tar.formated.name, 100); - if (strlen(tar_entry->name) > 100) { - tar_entry->name[100] = 0; - } + if (tar.formated.prefix[0]) { + char *temp = tar_entry->name; + tar_entry->name = concat_path_file(tar.formated.prefix, temp); + free(temp); + } + } // tar_entry->name = xstrdup(tar.formated.name); -- cgit v0.9.1