mtree reader: check line length when looking for /set and /unset
authorMartin Matuska <martin@matuska.org>
Wed, 25 Jan 2017 01:41:54 +0000 (02:41 +0100)
committerMartin Matuska <martin@matuska.org>
Wed, 25 Jan 2017 01:54:51 +0000 (02:54 +0100)
Fixes possible heap-buffer-overflow.

Reported-By: OSS-Fuzz issue 421, 443

libarchive/archive_read_support_format_mtree.c

index d0aa84ccaeff8a018ccbf3bba827c789fedb183f..979a499d157617e4746f4af2f7f143062e746e85 100644 (file)
@@ -715,13 +715,13 @@ detect_form(struct archive_read *a, int *is_form_d)
                                }
                        } else
                                break;
-               } else if (strncmp(p, "/set", 4) == 0) {
+               } else if (len > 4 && strncmp(p, "/set", 4) == 0) {
                        if (bid_keyword_list(p+4, len-4, 0, 0) <= 0)
                                break;
                        /* This line continues. */
                        if (p[len-nl-1] == '\\')
                                multiline = 2;
-               } else if (strncmp(p, "/unset", 6) == 0) {
+               } else if (len > 6 && strncmp(p, "/unset", 6) == 0) {
                        if (bid_keyword_list(p+6, len-6, 1, 0) <= 0)
                                break;
                        /* This line continues. */
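Review bot: The new `len > 4` and `len > 6` guards repeat the keyword length as a bare literal next to the one already passed to strncmp(), and nothing records why the comparison is strict rather than `>=`; the same pair of conditions appears again in the read_mtree hunk. A short comment above the `/set` branch, for example `/* need the keyword plus at least one following byte inside len */`, would make clear that the bound also covers the data at `p+4` / `p+6` handed to bid_keyword_list(), so a later edit does not relax it. detect_form's body starts and ends outside the hunk, so how `len` and `nl` are derived cannot be checked from here.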
@@ -1019,11 +1019,11 @@ read_mtree(struct archive_read *a, struct mtree *mtree)
                if (*p != '/') {
                        r = process_add_entry(a, mtree, &global, p, len,
                            &last_entry, is_form_d);
-               } else if (strncmp(p, "/set", 4) == 0) {
+               } else if (len > 4 && strncmp(p, "/set", 4) == 0) {
                        if (p[4] != ' ' && p[4] != '\t')
                                break;
                        r = process_global_set(a, &global, p);
-               } else if (strncmp(p, "/unset", 6) == 0) {
+               } else if (len > 6 && strncmp(p, "/unset", 6) == 0) {
                        if (p[6] != ' ' && p[6] != '\t')
                                break;
                        r = process_global_unset(a, &global, p);
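Review bot: `process_global_set(a, &global, p)` and `process_global_unset(a, &global, p)` still receive `p` without `len`, so the bound now checked in the two `else if` conditions is not available to the callees. If those functions scan the line until a terminator, their safety presumably depends on the buffer being NUL-terminated at or before `p + len`. That is worth confirming, and if it holds, recording next to the calls with something like `/* p is NUL-terminated by the line reader */`. read_mtree's body continues outside the hunk and neither callee is shown on this page.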