This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=2b0229b8f2dbfa990ce0c0cd74c16aea6d6aaa9f commit 2b0229b8f2dbfa990ce0c0cd74c16aea6d6aaa9f Author: Guillem Jover <guil...@debian.org> AuthorDate: Tue Jan 23 23:40:03 2024 +0100 libdpkg: Handle tar long GNU names and links not being NUL terminated The GNU tar implementation includes a terminating NUL byte as part of the body of the long GNU name and link entries, which gets represented in the size in the tar header. But not all tar implementations include the NUL byte as part of the body or it size. Even though dpkg-deb will never generate such packages, we have to be robust against such input, so we need to allocate one more byte for the terminating NUL byte, and explicitly terminate the string to make sure what we return is a valid NUL-terminated string, otherwise we end up with read overruns. Closes: #1061404 Stable-Candidate: 1.21.x 1.20.x --- lib/dpkg/tarfn.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/dpkg/tarfn.c b/lib/dpkg/tarfn.c index bc39acd7d..d999db68e 100644 --- a/lib/dpkg/tarfn.c +++ b/lib/dpkg/tarfn.c @@ -362,7 +362,7 @@ tar_gnu_long(struct tar_archive *tar, struct tar_entry *te, char **longp) int long_read; free(*longp); - *longp = bp = m_malloc(te->size); + *longp = bp = m_malloc(te->size + 1); for (long_read = te->size; long_read > 0; long_read -= TARBLKSZ) { int copysize; @@ -386,6 +386,7 @@ tar_gnu_long(struct tar_archive *tar, struct tar_entry *te, char **longp) memcpy(bp, buf, copysize); bp += copysize; } + *bp = '\0'; return status; } -- Dpkg.Org's dpkg