contrib/lar: check for buffer overflows in lar_find_archive() and lar_find_member()

author: Jo-Philipp Wich <jow@openwrt.org> 2009-04-06 17:54:55 +0000
committer: Jo-Philipp Wich <jow@openwrt.org> 2009-04-06 17:54:55 +0000
commit: bfa91018ace069edf3deb6c7e0bbe235ed6ecd3f (patch)
tree: d41433ff54a2eec72ff9ba5b7a14227e1bec9cdd /contrib/lar
parent: 50ccdfccce792d5bd013cae9eb93588a16a7ec62 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/contrib/lar/lar.c b/contrib/lar/lar.c
index 57a16e9ff..ad6cfc8e5 100644
--- a/contrib/lar/lar.c
+++ b/contrib/lar/lar.c
@@ -182,7 +182,12 @@ lar_archive * lar_find_archive( const char *package )
 	LAR_FNAME(buffer);
 
 	for( len = 0; package[len] != '\0'; len++ )
+	{
+		if( len >= sizeof(buffer) )
+			LAR_DIE("Package name exceeds maximum allowed length");
+
 		if( package[len] == '.' ) seg++;
+	}
 
 	while( seg > 0 )
 	{
@@ -213,7 +218,12 @@ lar_member * lar_find_member( lar_archive *ar, const char *package )
 	LAR_FNAME(buffer);
 
 	for( len = 0; package[len] != '\0'; len++ )
+	{
+		if( len >= sizeof(buffer) )
+			LAR_DIE("Package name exceeds maximum allowed length");
+
 		buffer[len] = ( package[len] == '.' ) ? '/' : package[len];
+	}
 
 	buffer[len+0] = '.'; buffer[len+1] = 'l'; buffer[len+2] = 'u';
 	buffer[len+3] = 'a'; buffer[len+4] = '\0';
author	Jo-Philipp Wich <jow@openwrt.org>	2009-04-06 17:54:55 +0000
committer	Jo-Philipp Wich <jow@openwrt.org>	2009-04-06 17:54:55 +0000
commit	bfa91018ace069edf3deb6c7e0bbe235ed6ecd3f (patch)
tree	d41433ff54a2eec72ff9ba5b7a14227e1bec9cdd /contrib/lar
parent	50ccdfccce792d5bd013cae9eb93588a16a7ec62 (diff)