--- rpm-4.11.1.orig/lib/cpio.c 2014-11-28 12:21:50.444158675 +0100
+++ rpm-4.11.1/lib/cpio.c 2014-11-28 12:22:53.776453253 +0100
@@ -296,6 +296,9 @@
 st->st_rdev = makedev(major, minor);
 GET_NUM_FIELD(hdr.namesize, nameSize);
+ if (nameSize <= 0 || nameSize > 4096) {
+ return CPIOERR_BAD_HEADER;
+ }
 *path = xmalloc(nameSize + 1);
 read = Fread(*path, nameSize, 1, cpio->fd);
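Review bot: The upper bound `4096` in the new `nameSize` check is a bare literal, with nothing saying why that value was chosen or that `hdr.namesize` is taken from the archive header and then sizes both `xmalloc(nameSize + 1)` and the `Fread` that follows. I would give it a name, for example `#define CPIO_MAX_NAMESIZE 4096` (a constructed name) tested as `nameSize > CPIO_MAX_NAMESIZE`, and add a comment such as `/* namesize comes from the untrusted header; bound it before it sizes the allocation and the read */`. The declaration of `nameSize` is outside the hunk: if it is unsigned, the `<= 0` half only catches zero and `== 0` would say so more plainly. The enclosing function starts and ends outside the hunk, so how the `Fread` result and the string terminator are handled is not visible here.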