[git commit] cpio: fix sscanf on unterminated buffer
Denys Vlasenko
vda.linux at googlemail.com
Wed Jun 23 17:06:09 UTC 2021
commit: https://git.busybox.net/busybox/commit/?id=e03b49477a497a231b3aa887155c8f4edc3236a7
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
Signed-off-by: S Harris <S.E.Harris at kent.ac.uk>
Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
archival/libarchive/get_header_cpio.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/archival/libarchive/get_header_cpio.c b/archival/libarchive/get_header_cpio.c
index 4ad174732..9ad0557c2 100644
--- a/archival/libarchive/get_header_cpio.c
+++ b/archival/libarchive/get_header_cpio.c
@@ -20,7 +20,7 @@ typedef struct hardlinks_t {
char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
{
file_header_t *file_header = archive_handle->file_header;
- char cpio_header[110];
+ char cpio_header[111];
int namesize;
int major, minor, nlink, mode, inode;
unsigned size, uid, gid, mtime;
@@ -43,6 +43,7 @@ char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
bb_simple_error_msg_and_die("unsupported cpio format, use newc or crc");
}
+ cpio_header[110] = '\0'; /* sscanf may call strlen which may break without this */
if (sscanf(cpio_header + 6,
"%8x" "%8x" "%8x" "%8x"
"%8x" "%8x" "%8x" /*maj,min:*/ "%*16c"
More information about the busybox-cvs
mailing list