archivers/lha/patches/patch-ak

   1 $NetBSD: patch-ak,v 1.1 2004/05/13 11:42:43 taca Exp $
   2
   3 --- src/header.c.orig   2000-10-06 02:36:03.000000000 +0900
   4 +++ src/header.c
   5 @@ -538,6 +538,10 @@ get_header(fp, hdr)
   6                                 /*
   7                                  * filename
   8                                  */
   9 +                               if (header_size >= 256) {
  10 +                                 fprintf(stderr, "Possible buffer overflow hack attack, type #1\n");
  11 +                                 exit(109);
  12 +                               }
  13                                 for (i = 0; i < header_size - 3; i++)
  14                                         hdr->name[i] = (char) get_byte();
  15                                 hdr->name[header_size - 3] = '\0';
  16 @@ -547,6 +551,10 @@ get_header(fp, hdr)
  17                                 /*
  18                                  * directory
  19                                  */
  20 +                               if (header_size >= FILENAME_LENGTH) {
  21 +                                 fprintf(stderr, "Possible buffer overflow hack attack, type #2\n");
  22 +                                 exit(110);
  23 +                               }
  24                                 for (i = 0; i < header_size - 3; i++)
  25                                         dirname[i] = (char) get_byte();
  26                                 dirname[header_size - 3] = '\0';