Commit 30571124 authored by Guillem Jover's avatar Guillem Jover

libdpkg: Detect ar header fields truncation

Do not allow building archives with truncated fields which would not
correspond to the packed member information, either the name being too
long or the size being too large.

Closes: #678933
parent d538ec83
......@@ -30,6 +30,8 @@ dpkg (1.16.5) UNRELEASED; urgency=low
* Add new start-stop-daemon --no-close option to disable closing file
descriptors on --background. Closes: #627333, #64642
* Switch source compression to xz.
* Detect ar header fields truncation due to too long member names or too
large member sizes. Closes: #678933
[ Updated dpkg translations ]
* Swedish (Peter Krefting).
......@@ -94,6 +94,11 @@ dpkg_ar_member_put_header(const char *ar_name, int ar_fd,
char header[sizeof(struct ar_hdr) + 1];
int n;
if (strlen(name) > 15)
ohshit(_("ar member name '%s' length too long"), name);
if (size > 9999999999L)
ohshit(_("ar member size %jd too large"), size);
n = sprintf(header, "%-16s%-12lu0 0 100644 %-10jd`\n",
name, time(NULL), (intmax_t)size);
if (n != sizeof(struct ar_hdr))
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment