lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041105210058.GA14805@devserv.devel.redhat.com> Date: Fri, 5 Nov 2004 16:00:58 -0500 From: Josh Bressers <bressers@...hat.com> To: martin.pitt@...onical.com Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com Subject: Re: [HV-MED] Zip/Linux long path buffer overflow On Fri, Nov 05, 2004 at 02:26:33PM +0100, Martin Pitt wrote: > I prepared a small fix for this (see below). It does not make zip work > with long file names, but at least it exits cleanly with giving the > reason, and does not segfault. This fix will allow zip to create an archive with very long filenames. I'm also changing the type of len from a signed int to size_t to prevent trouble in the future. --- zip-2.3/unix/unix.c.orig 2004-11-05 15:44:41.000000000 -0500 +++ zip-2.3/unix/unix.c 2004-11-05 15:50:28.000000000 -0500 @@ -319,8 +319,8 @@ iztimes *t; /* return value: a file size of -1 */ { struct stat s; /* results of stat() */ - char name[FNMAX]; - int len = strlen(f); + char *name; + size_t len = strlen(f); if (f == label) { if (a != NULL) @@ -331,6 +331,11 @@ iztimes *t; /* return value: t->atime = t->mtime = t->ctime = label_utim; return label_time; } + + name = malloc(len+1); + if (!name) + return 0; + strcpy(name, f); if (name[len - 1] == '/') name[len - 1] = '\0'; -- JB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists