chantra / rpms / rpm

Forked from rpms/rpm 2 years ago
Clone
5523e9
--- rpm-4.11.1.orig/lib/cpio.c	2014-11-28 12:21:50.444158675 +0100
5523e9
+++ rpm-4.11.1/lib/cpio.c	2014-11-28 12:22:53.776453253 +0100
5523e9
@@ -296,6 +296,9 @@
5523e9
     st->st_rdev = makedev(major, minor);
5523e9
 
5523e9
     GET_NUM_FIELD(hdr.namesize, nameSize);
5523e9
+    if (nameSize <= 0 || nameSize > 4096) {
5523e9
+        return CPIOERR_BAD_HEADER;
5523e9
+    }
5523e9
 
5523e9
     *path = xmalloc(nameSize + 1);
5523e9
     read = Fread(*path, nameSize, 1, cpio->fd);