search

dskvr / opkg

Automatically exported from code.google.com/p/opkg
0 stars 0 forks source link

opkg doesn't properly handle long link/path names in tar files. #21

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. provide opkg with a tar file that has a link name that is 100 characters
    or 
2. provide opkg with a tar file that has a 'path_prefix' of 155 characters.

This is in r215
Similar to the fix put into r201 for the file_name entry.
The attached patch should fix it.

Original issue reported on code.google.com by pblac...@gmail.com on 17 Sep 2009 at 9:15

Attachments:

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
This is the right fix.  This will create a copy of the link_name for a string 
that is
nonzero in length.  I had removed the strlen() check since if the link_name is
exactly 100 characters long, the strlen may report > 100 and copy the wrong 
data. 
I've fixed the patch to check for zero length, and properly added a strndup 
limit of
100 characters.

Sorry for the mess, I've been a bit rushed, and should have waited a bit longer 
to
submit the patch.

Original comment by pblac...@gmail.com on 18 Sep 2009 at 7:51

Attachments: