teknoraver / rpms / rpm

Forked from rpms/rpm 4 months ago
Clone
Blob Blame History Raw
diff --git a/lib/cpio.c b/lib/cpio.c
index 253ff0f..600633a 100644
--- a/lib/cpio.c
+++ b/lib/cpio.c
@@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, int * fx)
 
     GET_NUM_FIELD(hdr.filesize, fsize);
     GET_NUM_FIELD(hdr.namesize, nameSize);
+    if (nameSize <= 0 || nameSize > 4096) {
+	 return RPMERR_BAD_HEADER;
+    }
 
     char name[nameSize + 1];
     read = Fread(name, nameSize, 1, cpio->fd);