ar: hopefully fix out-of-bounds read in get_header_ar()

[oweals/busybox.git] / archival / ar.c

diff --git a/archival/ar.c b/archival/ar.c
index 866856f871589c6275e0da84b5b47814b9135fc5..f4edeb087c2cf7aa8661d06687e58aadb4170b07 100644 (file)
--- a/archival/ar.c
+++ b/archival/ar.c
@@ -16,8 +16,36 @@
  * between different systems
  * http://www.unix-systems.org/single_unix_specification_v2/xcu/ar.html
  */
+//config:config AR
+//config:      bool "ar (9.5 kb)"
+//config:      default n  # needs to be improved to be able to replace binutils ar
+//config:      help
+//config:      ar is an archival utility program used to create, modify, and
+//config:      extract contents from archives. In practice, it is used exclusively
+//config:      for object module archives used by compilers.
+//config:
+//config:      Unless you have a specific application which requires ar, you should
+//config:      probably say N here: most compilers come with their own ar utility.
+//config:
+//config:config FEATURE_AR_LONG_FILENAMES
+//config:      bool "Support long filenames (not needed for debs)"
+//config:      default y
+//config:      depends on AR
+//config:      help
+//config:      By default the ar format can only store the first 15 characters
+//config:      of the filename, this option removes that limitation.
+//config:      It supports the GNU ar long filename method which moves multiple long
+//config:      filenames into a the data section of a new ar entry.
+//config:
+//config:config FEATURE_AR_CREATE
+//config:      bool "Support archive creation"
+//config:      default y
+//config:      depends on AR
+//config:      help
+//config:      This enables archive creation (-c and -r) with busybox ar.
 
 //applet:IF_AR(APPLET(ar, BB_DIR_USR_BIN, BB_SUID_DROP))
+
 //kbuild:lib-$(CONFIG_AR) += ar.o
 
 //usage:#define ar_trivial_usage
@@ -212,11 +240,16 @@ int ar_main(int argc UNUSED_PARAM, char **argv)
 
        archive_handle = init_handle();
 
-       /* --: prepend '-' to the first argument if required */
-       /* -1: at least one param is reqd */
-       /* one of p,t,x[,r] is required */
-       opt_complementary = "--:-1:p:t:x"IF_FEATURE_AR_CREATE(":r");
-       opt = getopt32(argv, "voc""ptx"IF_FEATURE_AR_CREATE("r"));
+       /* prepend '-' to the first argument if required */
+       if (argv[1] && argv[1][0] != '-' && argv[1][0] != '\0')
+               argv[1] = xasprintf("-%s", argv[1]);
+       opt = getopt32(argv, "^"
+               "voc""ptx"IF_FEATURE_AR_CREATE("r")
+               "\0"
+               /* -1: at least one arg is reqd */
+               /* one of p,t,x[,r] is required */
+               "-1:p:t:x"IF_FEATURE_AR_CREATE(":r")
+       );
        argv += optind;
 
        t = opt / FIRST_CMD;