contrib/lar: check for buffer overflows in lar_find_archive() and lar_find_member()

Jo-Philipp Wich 2009-04-06 17:54:55 +00:00
parent 50ccdfccce
commit bfa91018ac


@ -182,7 +182,12 @@ lar_archive * lar_find_archive( const char *package )
LAR_FNAME(buffer); LAR_FNAME(buffer);
for( len = 0; package[len] != '\0'; len++ ) for( len = 0; package[len] != '\0'; len++ )
{
if( len >= sizeof(buffer) )
LAR_DIE("Package name exceeds maximum allowed length");
if( package[len] == '.' ) seg++; if( package[len] == '.' ) seg++;
}
while( seg > 0 ) while( seg > 0 )
{ {
@ -213,7 +218,12 @@ lar_member * lar_find_member( lar_archive *ar, const char *package )
LAR_FNAME(buffer); LAR_FNAME(buffer);
for( len = 0; package[len] != '\0'; len++ ) for( len = 0; package[len] != '\0'; len++ )
{
if( len >= sizeof(buffer) )
LAR_DIE("Package name exceeds maximum allowed length");
buffer[len] = ( package[len] == '.' ) ? '/' : package[len]; buffer[len] = ( package[len] == '.' ) ? '/' : package[len];
}
buffer[len+0] = '.'; buffer[len+1] = 'l'; buffer[len+2] = 'u'; buffer[len+0] = '.'; buffer[len+1] = 'l'; buffer[len+2] = 'u';
buffer[len+3] = 'a'; buffer[len+4] = '\0'; buffer[len+3] = 'a'; buffer[len+4] = '\0';
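Review bot: In lar_find_member the new guard `len >= sizeof(buffer)` leaves no room for the five bytes written right after the loop (`buffer[len+0]` through `buffer[len+4]`, the `.lua` suffix and its terminator). A package name whose length is within five bytes of the buffer size therefore still writes past the end. The check should reserve that space, for example `if( len + 5 >= sizeof(buffer) )`. This assumes LAR_FNAME declares `buffer` as an array, so that `sizeof` yields its capacity; the macro's definition is not visible here. The same margin is worth confirming in lar_find_archive, where the loop in the hunk only counts segments and any writes to `buffer` happen in the `while( seg > 0 )` body that continues outside the hunk.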