| diff --git a/lib/cpio.c b/lib/cpio.c |
| index 253ff0f..600633a 100644 |
| |
| |
| @@ -399,6 +399,9 @@ int rpmcpioHeaderRead(rpmcpio_t cpio, char ** path, int * fx) |
| |
| GET_NUM_FIELD(hdr.filesize, fsize); |
| GET_NUM_FIELD(hdr.namesize, nameSize); |
| + if (nameSize <= 0 || nameSize > 4096) { |
| + return RPMERR_BAD_HEADER; |
| + } |
| |
| char name[nameSize + 1]; |
| read = Fread(name, nameSize, 1, cpio->fd); |