From 684b7ac5767e676cda78c161aeb7fe7b45a07529 Mon Sep 17 00:00:00 2001 From: Sergey Poznyakoff <gray@gnu.org> Date: Fri, 8 Nov 2019 09:09:36 +0200 Subject: [PATCH 1/2] Fix cpio header verification. * src/copyin.c (read_name_from_file): Print error message and skip file if its name is not nul-terminated. --- src/copyin.c | 9 ++++++++- tests/testsuite.at | 3 +-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/copyin.c b/src/copyin.c index b29f348..9348923 100644 --- a/src/copyin.c +++ b/src/copyin.c @@ -1000,7 +1000,14 @@ read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len) { cpio_realloc_c_name (file_hdr, len); tape_buffered_read (file_hdr->c_name, fd, len); - file_hdr->c_namesize = len; + if (file_hdr->c_name[len-1] == 0) + file_hdr->c_namesize = len; + else + { + error (0, 0, _("malformed header: file name is not nul-terminated")); + /* Skip this file */ + file_hdr->c_namesize = 0; + } } /* Fill in FILE_HDR by reading an old-format ASCII format cpio header from diff --git a/tests/testsuite.at b/tests/testsuite.at index aa56bb9..f901b1a 100644 --- a/tests/testsuite.at +++ b/tests/testsuite.at @@ -1,8 +1,7 @@ # Process this file with autom4te to create testsuite. -*- Autotest -*- # Test suite for GNU cpio -# Copyright (C) 2004, 2006-2007, 2010, 2014-2015, 2017 Free Software -# Foundation, Inc. +# Copyright (C) 2004-2019 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -- 2.23.0