23 lines
906 B
Diff
23 lines
906 B
Diff
|
commit fd7e0c02e272913a0a8b6d492c7260dfca0b1408
|
||
|
|
Author: Tim Kientzle <kientzle@acm.org>
|
||
|
|
Date: Sat May 14 12:37:37 2016 -0700
|
||
|
|
|
||
|
|
Reject cpio symlinks that exceed 1MB
|
||
|
|
|
||
|
|
diff --git a/libarchive/archive_read_support_format_cpio.c b/libarchive/archive_read_support_format_cpio.c
|
||
|
|
index c2ca85b..b09db0e 100644
|
||
|
|
--- a/libarchive/archive_read_support_format_cpio.c
|
||
|
|
+++ b/libarchive/archive_read_support_format_cpio.c
|
||
|
|
@@ -401,6 +401,11 @@ archive_read_format_cpio_read_header(struct archive_read *a,
|
||
|
|
|
||
|
|
/* If this is a symlink, read the link contents. */
|
||
|
|
if (archive_entry_filetype(entry) == AE_IFLNK) {
|
||
|
|
+ if (cpio->entry_bytes_remaining > 1024 * 1024) {
|
||
|
|
+ archive_set_error(&a->archive, ENOMEM,
|
||
|
|
+ "Rejecting malformed cpio archive: symlink contents exceed 1 megabyte");
|
||
|
|
+ return (ARCHIVE_FATAL);
|
||
|
|
+ }
|
||
|
|
h = __archive_read_ahead(a,
|
||
|
|
(size_t)cpio->entry_bytes_remaining, NULL);
|
||
|
|
if (h == NULL)
|