From bfa91018ace069edf3deb6c7e0bbe235ed6ecd3f Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Mon, 6 Apr 2009 17:54:55 +0000 Subject: contrib/lar: check for buffer overflows in lar_find_archive() and lar_find_member() --- contrib/lar/lar.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'contrib/lar/lar.c') diff --git a/contrib/lar/lar.c b/contrib/lar/lar.c index 57a16e9ff7..ad6cfc8e5d 100644 --- a/contrib/lar/lar.c +++ b/contrib/lar/lar.c @@ -182,7 +182,12 @@ lar_archive * lar_find_archive( const char *package ) LAR_FNAME(buffer); for( len = 0; package[len] != '\0'; len++ ) + { + if( len >= sizeof(buffer) ) + LAR_DIE("Package name exceeds maximum allowed length"); + if( package[len] == '.' ) seg++; + } while( seg > 0 ) { @@ -213,7 +218,12 @@ lar_member * lar_find_member( lar_archive *ar, const char *package ) LAR_FNAME(buffer); for( len = 0; package[len] != '\0'; len++ ) + { + if( len >= sizeof(buffer) ) + LAR_DIE("Package name exceeds maximum allowed length"); + buffer[len] = ( package[len] == '.' ) ? '/' : package[len]; + } buffer[len+0] = '.'; buffer[len+1] = 'l'; buffer[len+2] = 'u'; buffer[len+3] = 'a'; buffer[len+4] = '\0'; -- cgit v1.2.3