teknoraver / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone

Blame rpm-4.12.0.x-CVE-2014-8118.patch

Lubos Kardos 2474ac
diff --git a/lib/cpio.c b/lib/cpio.c
Lubos Kardos 2474ac
index 253ff0f..600633a 100644
Lubos Kardos 2474ac
--- a/lib/cpio.c
Lubos Kardos 2474ac
+++ b/lib/cpio.c
Lubos Kardos 2474ac
@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, int * fx)
Lubos Kardos 2474ac
 
Lubos Kardos 2474ac
     GET_NUM_FIELD(hdr.filesize, fsize);
Lubos Kardos 2474ac
     GET_NUM_FIELD(hdr.namesize, nameSize);
Lubos Kardos 2474ac
+    if (nameSize <= 0 || nameSize > 4096) {
Lubos Kardos 2474ac
+	 return RPMERR_BAD_HEADER;
Lubos Kardos 2474ac
+    }
Lubos Kardos 2474ac
 
Lubos Kardos 2474ac
     char name[nameSize + 1];
Lubos Kardos 2474ac
     read = Fread(name, nameSize, 1, cpio->fd);