From 81777847f4e745f75504ae1767d49f0711e56b1b Mon Sep 17 00:00:00 2001
From: ticktock35 <ticktock35@e8e0d7a0-c8d9-11dd-a880-a1081c7ac358>
Date: Tue, 03 Mar 2009 19:59:35 -0500
Subject: Thanks to Krzysztof Kotlenga <pocek@users.sf.net>:

 Frans Meulenbroeks wrote:

> Anyway, appending the 0 byte is no good as tar_entry->name[100] is
> already out of bounds.

http://tiny.cc/964UD looks good enough. It's interesting that we have
to trace bugs already fixed upstream years ago.

http://lists.linuxtogo.org/pipermail/openembedded-devel/2009-March/008510.html

git-svn-id: http://opkg.googlecode.com/svn/trunk@203 e8e0d7a0-c8d9-11dd-a880-a1081c7ac358
---
(limited to 'libbb')

diff --git a/libbb/unarchive.c b/libbb/unarchive.c
index 24877e7..84a3b6a 100644
--- a/libbb/unarchive.c
+++ b/libbb/unarchive.c
@@ -600,15 +600,15 @@ file_header_t *get_header_tar(FILE *tar_stream)
                 linkname = NULL;
         } else
 #endif
-        if (tar.formated.prefix[0] == 0) {
-                tar_entry->name = strdup(tar.formated.name);
-        } else {                                              
-                tar_entry->name = concat_path_file(tar.formated.prefix, tar.formated.name);
-        }
+        {
+                tar_entry->name = xstrndup(tar.formated.name, 100);
 
-	if (strlen(tar_entry->name) > 100) {
-		tar_entry->name[100] = 0;
-	}
+                if (tar.formated.prefix[0]) {
+                        char *temp = tar_entry->name;
+                        tar_entry->name = concat_path_file(tar.formated.prefix, temp);
+                        free(temp);
+                }
+        }
 
 	// tar_entry->name = xstrdup(tar.formated.name);
 
--
cgit v0.9.1