25 lines
823 B
Plaintext
25 lines
823 B
Plaintext
Security fix for CVE-2018-1000097 sharutils: heap-buffer-overflow in find_archive in unshar.c
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1548018
|
|
|
|
Index: src/unshar.c
|
|
--- src/unshar.c.orig
|
|
+++ src/unshar.c
|
|
@@ -240,7 +240,7 @@ find_archive (char const * name, FILE * file, off_t st
|
|
off_t position = ftello (file);
|
|
|
|
/* Read next line, fail if no more and no previous process. */
|
|
- if (!fgets (rw_buffer, BUFSIZ, file))
|
|
+ if (!fgets (rw_buffer, rw_base_size, file))
|
|
{
|
|
if (!start)
|
|
error (0, 0, _("Found no shell commands in %s"), name);
|
|
@@ -311,7 +311,7 @@ get_env_tmpdir(void)
|
|
static FILE *
|
|
load_file (char const ** tmp_fname, FILE * infp)
|
|
{
|
|
- static char const z_tmpfile[] = "unsh.XXXXXX";
|
|
+ static char const z_tmpfile[] = "unsh.XXXXXXXXXX";
|
|
char * pz_fname;
|
|
FILE * outfp;
|
|
|