From f190eb996fb77a09090a5aec9191851e55ae160e Mon Sep 17 00:00:00 2001
From: Stuart Caie <kyzer@cabextract.org.uk>
Date: Mon, 18 Feb 2019 13:04:58 +0000
Subject: [PATCH 6/6] length checks when looking for control files

(cherry picked from commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d)
---
 libmspack/trunk/mspack/chmd.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/libmspack/trunk/mspack/chmd.c b/libmspack/trunk/mspack/chmd.c
index beaccb7..783f511 100644
--- a/libmspack/trunk/mspack/chmd.c
+++ b/libmspack/trunk/mspack/chmd.c
@@ -483,20 +483,18 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
 
       if (name[0] == ':' && name[1] == ':') {
 	/* system file */
-	if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) {
-	  if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) {
-	    chm->sec1.content = fi;
-	  }
-	  else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) {
-	    chm->sec1.control = fi;
-	  }
-	  else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) {
-	    chm->sec1.spaninfo = fi;
-	  }
-	  else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) {
+        if (name_len == 40 && mspack_memcmp(name, content_name, 40) == 0) {
+          chm->sec1.content = fi;
+        }
+        else if (name_len == 44 && mspack_memcmp(name, control_name, 44) == 0) {
+          chm->sec1.control = fi;
+        }
+        else if (name_len == 41 && mspack_memcmp(name, spaninfo_name, 41) == 0) {
+          chm->sec1.spaninfo = fi;
+        }
+        else if (name_len == 105 && mspack_memcmp(name, rtable_name, 105) == 0) {
 	    chm->sec1.rtable = fi;
 	  }
-	}
 	fi->next = chm->sysfiles;
 	chm->sysfiles = fi;
       }
-- 
2.22.0