From e03b49477a497a231b3aa887155c8f4edc3236a7 Mon Sep 17 00:00:00 2001
From: S Harris
Date: Mon, 21 Jun 2021 10:00:17 +0100
Subject: cpio: fix sscanf on unterminated buffer
Signed-off-by: S Harris
Signed-off-by: Denys Vlasenko
---
 archival/libarchive/get_header_cpio.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'archival/libarchive/get_header_cpio.c')
diff --git a/archival/libarchive/get_header_cpio.c b/archival/libarchive/get_header_cpio.c
index 4ad174732..9ad0557c2 100644
--- a/archival/libarchive/get_header_cpio.c
+++ b/archival/libarchive/get_header_cpio.c
@@ -20,7 +20,7 @@ typedef struct hardlinks_t {
 char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
 {
 file_header_t *file_header = archive_handle->file_header;
- char cpio_header[110];
+ char cpio_header[111];
 int namesize;
 int major, minor, nlink, mode, inode;
 unsigned size, uid, gid, mtime;
@@ -43,6 +43,7 @@ char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
 bb_simple_error_msg_and_die("unsupported cpio format, use newc or crc");
 }
+ cpio_header[110] = '\0'; /* sscanf may call strlen which may break without this */
 if (sscanf(cpio_header + 6,
 "%8x" "%8x" "%8x" "%8x" "%8x" "%8x" "%8x" /*maj,min:*/ "%*16c"
--
cgit v1.2.3
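Review bot: The array size `111` in the first hunk and the index `110` in the second hunk are two separate literals that have to stay in step, and the read that fills the buffer lies outside both hunks, so it is presumably a third. Naming the header length once would tie them together, for example `enum { CPIO_HDR_LEN = 110 };` (the name is only a suggestion), then `char cpio_header[CPIO_HDR_LEN + 1];` and `cpio_header[CPIO_HDR_LEN] = '\0';`. It is also worth confirming that nothing outside the hunks sizes the read or a length comparison with `sizeof(cpio_header)`, since that expression now yields 111 and would consume one byte beyond the header. The body of get_header_cpio continues outside the hunk.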
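Review bot: The comment on the added terminator says sscanf "may break" without naming the failure, which is a read past the end of a stack array whose contents come from the archive being unpacked. The `%8x` widths bound each conversion, but a libc that first measures the input string with strlen will keep scanning beyond the 110 header bytes when no NUL follows them. A more specific comment would help the next maintainer keep the line, for example `/* header is 110 raw bytes from the archive, no NUL: terminate so sscanf's strlen() cannot read past the array */`. The sscanf call runs past the end of the hunk, so its argument list and return-value check are not visible here.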