cpio: fix sscanf on unterminated buffer

Signed-off-by: S Harris <S.E.Harris@kent.ac.uk>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
S Harris 2021-06-21 10:00:17 +01:00 committed by Denys Vlasenko
parent 5709b51a75
commit e03b49477a

View File

@ -20,7 +20,7 @@ typedef struct hardlinks_t {
char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
{
file_header_t *file_header = archive_handle->file_header;
char cpio_header[110];
char cpio_header[111];
int namesize;
int major, minor, nlink, mode, inode;
unsigned size, uid, gid, mtime;
@ -43,6 +43,7 @@ char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
bb_simple_error_msg_and_die("unsupported cpio format, use newc or crc");
}
cpio_header[110] = '\0'; /* sscanf may call strlen which may break without this */
if (sscanf(cpio_header + 6,
"%8x" "%8x" "%8x" "%8x"
"%8x" "%8x" "%8x" /*maj,min:*/ "%*16c"