The call to readlink in line 801 of copyout.c doesn't return a null-terminated string. The name can end up having extra garbage on the end.

The attached patch adds a null to the end of the string after the return code from readlink has been checked.


Charles Johnston
diff -Ndpru cpio-2.7/src/copyout.c cpio-2.7.fixed/src/copyout.c
--- cpio-2.7/src/copyout.c	2006-09-27 02:19:44.000000000 -0600
+++ cpio-2.7.fixed/src/copyout.c	2006-11-12 18:58:25.000000000 -0700
@@ -806,6 +806,7 @@ process_copy_out ()
 		    free (link_name);
 		    continue;
 		  }
+		link_name[link_size] = '\0';
 		cpio_safer_name_suffix (link_name, false,
 					!no_abs_paths_flag, true);
 		link_size = strlen (link_name);
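Review bot: the added `link_name[link_size] = '\0';` is only in bounds if `link_name` was allocated with at least `link_size + 1` bytes, and the allocation is outside this hunk. Please confirm that the buffer reserves one byte beyond the length passed to readlink(), or include that line in the patch so the bound can be checked. The `link_size = strlen (link_name);` two lines below now depends on this terminator, so a one-line comment noting that readlink() does not NUL-terminate would keep the assignment from being removed as redundant later.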
_______________________________________________
Bug-cpio mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-cpio
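The readlink() behaviour reported above, as an added example that is not part of the original message or of cpio: the helper names (`make_sample_link`, `readlink_leaves_tail`, `read_link_terminated`), the `/tmp` location and the link target are assumptions constructed for illustration. It goes slightly beyond the patch by also retrying when the result may have been truncated.

```c
#define _XOPEN_SOURCE 700 /* readlink, symlink, mkdtemp */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample input: a symlink to `target` in a fresh temp directory. */
int make_sample_link(const char *target, char *link_path, size_t size)
{
    char dir[] = "/tmp/rl-demo-XXXXXX";
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(link_path, size, "%s/link", dir);
    return symlink(target, link_path);
}

/* Returns 1 if readlink() left the byte just past the target untouched. */
int readlink_leaves_tail(const char *path)
{
    char buf[256];
    memset(buf, 'X', sizeof buf);           /* stand-in for stale heap data */
    ssize_t n = readlink(path, buf, sizeof buf - 1);
    return n >= 0 && buf[n] == 'X';         /* no terminator was written */
}

/* Read a link target into a malloc'd, NUL-terminated string; NULL on error. */
char *read_link_terminated(const char *path)
{
    for (size_t cap = 16;; cap *= 2) {
        char *buf = malloc(cap);
        if (buf == NULL) return NULL;
        ssize_t n = readlink(path, buf, cap - 1);  /* keep one byte spare */
        if (n >= 0 && (size_t)n < cap - 1) {
            buf[n] = '\0';                  /* in bounds: n <= cap - 2 */
            return buf;
        }
        free(buf);                          /* error, or possibly truncated */
        if (n < 0) return NULL;
    }
}

int main(void)
{
    char lp[64];
    if (make_sample_link("constructed/target/name", lp, sizeof lp) != 0)
        return 1;
    char *name = read_link_terminated(lp);
    printf("tail untouched: %d, target: %s\n", readlink_leaves_tail(lp), name ? name : "?");
    free(name);
    return 0;
}
```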
