From 684b7ac5767e676cda78c161aeb7fe7b45a07529 Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org>
Date: Fri, 8 Nov 2019 09:09:36 +0200
Subject: [PATCH 1/2] Fix cpio header verification.

* src/copyin.c (read_name_from_file): Print error message and
skip file if its name is not nul-terminated.
---
 src/copyin.c       | 9 ++++++++-
 tests/testsuite.at | 3 +--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/copyin.c b/src/copyin.c
index b29f348..9348923 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -1000,7 +1000,14 @@ read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len)
 {
   cpio_realloc_c_name (file_hdr, len);
   tape_buffered_read (file_hdr->c_name, fd, len);
-  file_hdr->c_namesize = len;
+  if (file_hdr->c_name[len-1] == 0)
+    file_hdr->c_namesize = len;
+  else
+    {
+      error (0, 0, _("malformed header: file name is not nul-terminated"));
+      /* Skip this file */
+      file_hdr->c_namesize = 0;
+    }
 }
 
 /* Fill in FILE_HDR by reading an old-format ASCII format cpio header from
diff --git a/tests/testsuite.at b/tests/testsuite.at
index aa56bb9..f901b1a 100644
--- a/tests/testsuite.at
+++ b/tests/testsuite.at
@@ -1,8 +1,7 @@
 # Process this file with autom4te to create testsuite. -*- Autotest -*-
 
 # Test suite for GNU cpio
-# Copyright (C) 2004, 2006-2007, 2010, 2014-2015, 2017 Free Software
-# Foundation, Inc.
+# Copyright (C) 2004-2019 Free Software Foundation, Inc.
 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
-- 
2.23.0