[PATCH 0/1] get_header_tar.c: string termination fix
Alexey Fomenko
ext-alexey.fomenko at nokia.com
Wed Oct 19 12:16:41 UTC 2011
On Wed, 2011-10-19 at 14:09 +0200, ext Denys Vlasenko wrote:
> On Wed, Oct 19, 2011 at 10:11 AM, Alexey Fomenko
> <ext-alexey.fomenko at nokia.com> wrote:
> > Hello.
> >
> > archival/libarchive/get_header_tar.c:
> > GET_OCTAL(a) sends to getOctal(a, strlen(a)). Afterwards getOctal terminates
> > argument string outside of array bounds.
>
> This is intended. The fields in tar header, if the value is sufficiently large,
> may end up being not terminated at all:
>
> typedef struct tar_header_t { /* byte offset */
> char name[NAME_SIZE]; /* 0-99 */
> char mode[8]; /* 100-107 */
> char uid[8]; /* 108-115 */
> char gid[8]; /* 116-123 */
> char size[12]; /* 124-135 */
> char mtime[12]; /* 136-147 */
>
> For example, if size is 100000000000 (octal) or more (8+ Gb),
> then size[] and mtime[] fields will look like this:
>
> "1000000000001234567..."
>
> where "1234567..." is mtime.
>
> That's why we do field[sizeof(field)] = '\0' before parsing it
> - we place NUL _after_ the field.
>
Ah, I see. Thanks for the explanation.
More information about the busybox
mailing list