[hackers] [sbase] tar: Don't assume that name, linkname and prefix are null-terminated || sin

From: <git_AT_suckless.org>
Date: Tue, 21 Apr 2015 16:43:58 +0200 (CEST)

commit fde9e29d05d754aeb133af0d58802494b591bc1c
Author: sin <sin_AT_2f30.org>
Date: Tue Apr 21 15:05:51 2015 +0100

    tar: Don't assume that name, linkname and prefix are null-terminated

diff --git a/tar.c b/tar.c
index 0f82f15..44523ff 100644
--- a/tar.c
+++ b/tar.c
_AT_@ -203,7 +203,8 @@ unarchive(char *fname, ssize_t l, char b[BLKSIZ])
                 break;
         case HARDLINK:
         case SYMLINK:
- estrlcpy(lname, h->link, sizeof(lname));
+ snprintf(lname, sizeof(lname), "%.*s", (int)sizeof(h->link),
+ h->link);
                 if (((h->type == HARDLINK) ? link : symlink)(lname, fname) < 0)
                         eprintf("%s %s -> %s:",
                                 (h->type == HARDLINK) ? "link" : "symlink",
_AT_@ -314,20 +315,21 @@ sanitize(struct header *h)
 static void
 xt(int (*fn)(char *, ssize_t, char[BLKSIZ]))
 {
+ char b[BLKSIZ], fname[256 + 1], *p;
         struct header *h;
         long size;
- char b[BLKSIZ], fname[256 + 1], *p;
+ int n;
 
         h = (void *)b;
 
         while (fread(b, BLKSIZ, 1, tarfile) == 1 && *(h->name)) {
                 sanitize(h);
- fname[0] = '\0';
- if (*(h->prefix)) {
- estrlcat(fname, h->prefix, sizeof(fname));
- estrlcat(fname, "/", sizeof(fname));
- }
- estrlcat(fname, h->name, sizeof(fname));
+ n = 0;
+ if (h->prefix[0])
+ n = snprintf(fname, sizeof(fname), "%.*s/",
+ (int)sizeof(h->prefix), h->prefix);
+ snprintf(fname + n, sizeof(fname) - n, "%.*s",
+ (int)sizeof(h->name), h->name);
                 if ((size = strtol(h->size, &p, 8)) < 0 || *p != '\0')
                         eprintf("strtol %s: invalid number\n", h->size);
 
Received on Tue Apr 21 2015 - 16:43:58 CEST