[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: Re: [PATCH 0/1] get_header_tar.c: string termination fix
From: Alexey Fomenko <ext-alexey.fomenko () nokia ! com>
Date: 2011-10-19 12:16:41
Message-ID: 1319026601.2072.4446.camel () falexey ! research ! nokia ! com
[Download RAW message or body]
On Wed, 2011-10-19 at 14:09 +0200, ext Denys Vlasenko wrote:
> On Wed, Oct 19, 2011 at 10:11 AM, Alexey Fomenko
> <ext-alexey.fomenko@nokia.com> wrote:
> > Hello.
> >
> > archival/libarchive/get_header_tar.c:
> > GET_OCTAL(a) sends to getOctal(a, strlen(a)). Afterwards getOctal terminates
> > argument string outside of array bounds.
>
> This is intended. The fields in tar header, if the value is sufficiently large,
> may end up being not terminated at all:
>
> typedef struct tar_header_t { /* byte offset */
> char name[NAME_SIZE]; /* 0-99 */
> char mode[8]; /* 100-107 */
> char uid[8]; /* 108-115 */
> char gid[8]; /* 116-123 */
> char size[12]; /* 124-135 */
> char mtime[12]; /* 136-147 */
>
> For example, if size is 100000000000 (octal) or more (8+ Gb),
> then size[] and mtime[] fields will look like this:
>
> "1000000000001234567..."
>
> where "1234567..." is mtime.
>
> That's why we do field[sizeof(field)] = '\0' before parsing it
> - we place NUL _after_ the field.
>
Ah, I see. Thanks for the explanation.
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic