|
Full Disclosure
mailing list archives
Re: [HV-MED] Zip/Linux long path buffer overflow
From: Josh Bressers <bressers () redhat com>
Date: Fri, 5 Nov 2004 16:00:58 -0500
On Fri, Nov 05, 2004 at 02:26:33PM +0100, Martin Pitt wrote:
I prepared a small fix for this (see below). It does not make zip work
with long file names, but at least it exits cleanly with giving the
reason, and does not segfault.
This fix will allow zip to create an archive with very long filenames.
I'm also changing the type of len from a signed int to size_t to prevent
trouble in the future.
--- zip-2.3/unix/unix.c.orig 2004-11-05 15:44:41.000000000 -0500
+++ zip-2.3/unix/unix.c 2004-11-05 15:50:28.000000000 -0500
@@ -319,8 +319,8 @@ iztimes *t; /* return value:
a file size of -1 */
{
struct stat s; /* results of stat() */
- char name[FNMAX];
- int len = strlen(f);
+ char *name;
+ size_t len = strlen(f);
if (f == label) {
if (a != NULL)
@@ -331,6 +331,11 @@ iztimes *t; /* return value:
t->atime = t->mtime = t->ctime = label_utim;
return label_time;
}
+
+ name = malloc(len+1);
+ if (!name)
+ return 0;
+
strcpy(name, f);
if (name[len - 1] == '/')
name[len - 1] = '\0';
--
JB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
|
Intro
