From 0a90960f446ebaf062244afbc626546b14689e0a Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Tue, 6 Feb 2018 17:39:45 +0100 Subject: [PATCH] ar: hopefully fix out-of-bounds read in get_header_ar() https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882175 Signed-off-by: Denys Vlasenko --- archival/libarchive/get_header_ar.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/archival/libarchive/get_header_ar.c b/archival/libarchive/get_header_ar.c index 1809ec396..93e071c9f 100644 --- a/archival/libarchive/get_header_ar.c +++ b/archival/libarchive/get_header_ar.c @@ -83,7 +83,7 @@ char FAST_FUNC get_header_ar(archive_handle_t *archive_handle) */ ar_long_name_size = size; free(ar_long_names); - ar_long_names = xmalloc(size); + ar_long_names = xzalloc(size + 1); xread(archive_handle->src_fd, ar_long_names, size); archive_handle->offset += size; /* Return next header */ @@ -107,7 +107,7 @@ char FAST_FUNC get_header_ar(archive_handle_t *archive_handle) unsigned long_offset; /* The number after the '/' indicates the offset in the ar data section - * (saved in ar_long_names) that conatains the real filename */ + * (saved in ar_long_names) that contains the real filename */ long_offset = read_num(&ar.formatted.name[1], 10, sizeof(ar.formatted.name) - 1); if (long_offset >= ar_long_name_size) { -- 2.25.1