GitHub Repository: freebsd/freebsd-ports-gnome
Path: blob/main/archivers/lha/files/patch-header.c
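--- src/header.c.orig 2000-10-05 17:36:03 UTC
+++ src/header.c
@@ -320,8 +320,8 @@ generic_to_unix_stamp(t)
 dostm.tm_min = t >> 5 & 0x3f;
 dostm.tm_hour = t >> 11 & 0x1f;
 dostm.tm_mday = t >> 16 & 0x1f;
- dostm.tm_mon = (t >> 16 + 5 & 0x0f) - 1; /* 0..11 */
- dostm.tm_year = (t >> 16 + 9 & 0x7f) + 80;
+ dostm.tm_mon = (t >> (16 + 5) & 0x0f) - 1; /* 0..11 */
+ dostm.tm_year = (t >> (16 + 9) & 0x7f) + 80;
 #if 0
 dostm.tm_isdst = 0; /* correct? */
 #endif
@@ -538,6 +538,10 @@ get_header(fp, hdr)
 /*
 * filename
 */
+ if (header_size >= 256) {
+ fprintf(stderr, "Possible buffer overflow hack attack, type #1\n");
+ exit(109);
+ }
 for (i = 0; i < header_size - 3; i++)
 hdr->name[i] = (char) get_byte();
 hdr->name[header_size - 3] = '\0';
@@ -547,6 +551,10 @@ get_header(fp, hdr)
 /*
 * directory
 */
+ if (header_size >= FILENAME_LENGTH) {
+ fprintf(stderr, "Possible buffer overflow hack attack, type #2\n");
+ exit(110);
+ }
 for (i = 0; i < header_size - 3; i++)
 dirname[i] = (char) get_byte();
 dirname[header_size - 3] = '\0';
@@ -648,8 +656,16 @@ get_header(fp, hdr)
 }
 
 if (dir_length) {
+ if ((dir_length + name_length) >= sizeof(dirname)) {
+ fprintf(stderr, "Insufficient buffer size\n");
+ exit(112);
+ }
 strcat(dirname, hdr->name);
- strcpy(hdr->name, dirname);
+ if ((dir_length + name_length) >= sizeof(hdr->name)) {
+ fprintf(stderr, "Insufficient buffer size\n");
+ exit(112);
+ }
+ strncpy(hdr->name, dirname, sizeof(hdr->name));
 name_length += dir_length;
 }
 
@@ -754,7 +770,7 @@ write_header(nafp, hdr)
 
 convdelim(hdr->name, DELIM2);
 if (hdr->header_level != HEADER_LEVEL2) {
- if (p = (char *) rindex(hdr->name, DELIM2))
+ if ((p = (char *) rindex(hdr->name, DELIM2)))
 name_length = strlen(++p);
 else
 name_length = strlen(hdr->name);
@@ -812,7 +828,7 @@ write_header(nafp, hdr)
 put_word(hdr->unix_gid);
 put_word(hdr->unix_uid);
 
- if (p = (char *) rindex(hdr->name, DELIM2)) {
+ if ((p = (char *) rindex(hdr->name, DELIM2))) {
 int i;
 
 name_length = p - hdr->name + 1;
@@ -838,7 +854,7 @@ write_header(nafp, hdr)
 data[I_HEADER_CHECKSUM] = calc_sum(data + I_METHOD, header_size);
 } else { /* header level 2 */
 int i;
- if (p = (char *) rindex(hdr->name, DELIM2))
+ if ((p = (char *) rindex(hdr->name, DELIM2)))
 name_length = strlen(++p);
 else {
 p = hdr->name;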
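Review bot: The two guards added to get_header() in the `@@ -538` and `@@ -547` hunks bound header_size only from above, so a value below 3 still reaches `hdr->name[header_size - 3] = '\0';` and `dirname[header_size - 3] = '\0';` with a negative index if header_size is a signed int (its declaration is outside the hunks). The first guard also hard-codes 256 while the second uses FILENAME_LENGTH; tying each check to its destination buffer would be less fragile, for example `if (header_size < 3 || header_size - 3 >= sizeof(hdr->name)) {` and the same with `sizeof(dirname)`. In the `@@ -648` hunk, `strncpy(hdr->name, dirname, sizeof(hdr->name));` leaves the buffer terminated only when the header-supplied dir_length and name_length match the real string lengths, so adding `hdr->name[sizeof(hdr->name) - 1] = '\0';` after it would remove that dependency. The body of get_header() starts and ends outside these hunks, so whether an earlier check already rejects small header_size values cannot be confirmed from here.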