emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cpio: fix sscanf on unterminated buffer

Browse Source 
Signed-off-by: S Harris <S.E.Harris@kent.ac.uk>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
S Harris 2021-06-21 10:00:17 +01:00 committed by Denys Vlasenko
parent 5709b51a75
commit e03b49477a
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
archival/libarchive/get_header_cpio.c
View File

@ -20,7 +20,7 @@ typedef struct hardlinks_t {
char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle) char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
{ {
file_header_t *file_header = archive_handle->file_header; file_header_t *file_header = archive_handle->file_header;
char cpio_header[110]; char cpio_header[111];
int namesize; int namesize;
int major, minor, nlink, mode, inode; int major, minor, nlink, mode, inode;
unsigned size, uid, gid, mtime; unsigned size, uid, gid, mtime;
@ -43,6 +43,7 @@ char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
bb_simple_error_msg_and_die("unsupported cpio format, use newc or crc"); bb_simple_error_msg_and_die("unsupported cpio format, use newc or crc");
} }
cpio_header[110] = '\0'; /* sscanf may call strlen which may break without this */
if (sscanf(cpio_header + 6, if (sscanf(cpio_header + 6,
"%8x" "%8x" "%8x" "%8x" "%8x" "%8x" "%8x" "%8x"
"%8x" "%8x" "%8x" /*maj,min:*/ "%*16c" "%8x" "%8x" "%8x" /*maj,min:*/ "%*16c"