9fa9eb9ac7
Rename them to follow the make makepatch naming, and regenerate them. With hat: portmgr Sponsored by: Absolight
49 lines
1.5 KiB
Text
49 lines
1.5 KiB
Text
- Fix buffer overflow problem in filename handling (CAN-2004-0947)
|
|
|
|
--- unarj.c.orig 2002-06-05 08:28:06 UTC
|
|
+++ unarj.c
|
|
@@ -213,7 +213,7 @@ static uchar arj_flags;
|
|
static short method;
|
|
static uint file_mode;
|
|
static ulong time_stamp;
|
|
-static short entry_pos;
|
|
+static ushort entry_pos;
|
|
static ushort host_data;
|
|
static uchar *get_ptr;
|
|
static UCRC file_crc;
|
|
@@ -604,6 +604,7 @@ char *name;
|
|
error(M_BADHEADR, "");
|
|
|
|
crc = CRC_MASK;
|
|
+ memset(header, 0, sizeof(header));
|
|
fread_crc(header, (int) headersize, fd);
|
|
header_crc = fget_crc(fd);
|
|
if ((crc ^ CRC_MASK) != header_crc)
|
|
@@ -628,9 +629,13 @@ char *name;
|
|
|
|
if (origsize < 0 || compsize < 0)
|
|
error(M_HEADRCRC, "");
|
|
+ if(first_hdr_size > headersize-2) /* need two \0 for file and comment */
|
|
+ error(M_BADHEADR, "");
|
|
|
|
hdr_filename = (char *)&header[first_hdr_size];
|
|
strncopy(filename, hdr_filename, sizeof(filename));
|
|
+ if(entry_pos >= strlen(filename))
|
|
+ error(M_BADHEADR, "");
|
|
if (host_os != OS)
|
|
strparity((uchar *)filename);
|
|
if ((arj_flags & PATHSYM_FLAG) != 0)
|
|
@@ -727,11 +732,11 @@ extract()
|
|
|
|
no_output = 0;
|
|
if (command == 'E')
|
|
- strcpy(name, &filename[entry_pos]);
|
|
+ strncopy(name, &filename[entry_pos], sizeof(name));
|
|
else
|
|
{
|
|
strcpy(name, DEFAULT_DIR);
|
|
- strcat(name, filename);
|
|
+ strncopy(name+strlen(name), filename, sizeof(name)-strlen(name));
|
|
}
|
|
|
|
if (host_os != OS)
|