search

tobozo / ESP32-targz

🗜️ An Arduino library to unpack/uncompress tar, gz, and tar.gz files on ESP32 and ESP8266
Other
118 stars 15 forks source link

Corrupted file path when untarring file #3

Closed MormonMoron closed 4 years ago

MormonMoron commented 4 years ago

The file path is getting corrupted in the unTarHeaderCallback because a new char* buffer is allocated, but not null terminated before use.

You should change the snippet (starting at line 349 in the current master branch):

int unTarHeaderCallBack(header_translated_t *proper,  CC_UNUSED int entry_index,  CC_UNUSED void *context_data) {
  dump_header(proper);
  if(proper->type == T_NORMAL) {
    char *file_path = new char[256];// = ""; // TODO: normalize this for fs::FS, limit is 32, not 256
    // avoid double slashing root path
    if( strcmp( tarDestFolder, FOLDER_SEPARATOR ) != 0 ) {
      strcat(file_path, tarDestFolder);
    }
    strcat(file_path, FOLDER_SEPARATOR);
    strcat(file_path, proper->filename);

to null terminate the file_path buffer after allocation:

int unTarHeaderCallBack(header_translated_t *proper,  CC_UNUSED int entry_index,  CC_UNUSED void *context_data) {
  dump_header(proper);
  if(proper->type == T_NORMAL) {
    char *file_path = new char[256];// = ""; // TODO: normalize this for fs::FS, limit is 32, not 256
    **file_path[0] = '\0';**
    // avoid double slashing root path
    if( strcmp( tarDestFolder, FOLDER_SEPARATOR ) != 0 ) {
      strcat(file_path, tarDestFolder);
    }
    strcat(file_path, FOLDER_SEPARATOR);
    strcat(file_path, proper->filename);
tobozo commented 4 years ago

thanks for spotting that bug !

changes have been published in the latest release and should propagage soon through the arduino library manager