You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 lines
1.3 KiB
46 lines
1.3 KiB
From 5356621172d669d8f62e7e746a6c7a11345aec4e Mon Sep 17 00:00:00 2001
|
|
From: Guillem Jover <guillem@debian.org>
|
|
Date: Tue, 3 Jan 2023 23:29:05 +0100
|
|
Subject: dpkg-deb: Fix buffer overflow on long directory names with old deb
|
|
formats
|
|
|
|
The handling for deb 0.x formats that relocates files around once
|
|
extracted was using a buffer with a hardcoded size, not taking into
|
|
account the length of the directory which would overflow it.
|
|
|
|
Switch to use a dynamically allocated buffer to handle any destination
|
|
directory length.
|
|
|
|
Reported-by: Georgy Yakovlev <gyakovlev@gentoo.org>
|
|
---
|
|
src/deb/extract.c | 7 ++++---
|
|
1 file changed, 4 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/deb/extract.c b/src/deb/extract.c
|
|
index a09853962..6466fa6f2 100644
|
|
--- a/src/deb/extract.c
|
|
+++ b/src/deb/extract.c
|
|
@@ -53,15 +53,16 @@
|
|
static void
|
|
movecontrolfiles(const char *dir, const char *thing)
|
|
{
|
|
- char buf[200];
|
|
+ char *cmd;
|
|
pid_t pid;
|
|
|
|
- sprintf(buf, "mv %s/%s/* %s/ && rmdir %s/%s", dir, thing, dir, dir, thing);
|
|
+ cmd = str_fmt("mv %s/%s/* %s/ && rmdir %s/%s", dir, thing, dir, dir, thing);
|
|
pid = subproc_fork();
|
|
if (pid == 0) {
|
|
- command_shell(buf, _("shell command to move files"));
|
|
+ command_shell(cmd, _("shell command to move files"));
|
|
}
|
|
subproc_reap(pid, _("shell command to move files"), 0);
|
|
+ free(cmd);
|
|
}
|
|
|
|
static void DPKG_ATTR_NORET
|
|
--
|
|
cgit v1.2.3
|
|
|