On Thu, Apr 8, 2021 at 12:02 PM Kamil Dudka <kdu...@redhat.com> wrote:

> On Thursday, April 8, 2021 9:47:05 AM CEST Ondrej Dubaj wrote:
> > Hello,
> >
> > proposing patch for some of the issues found by Coverity scan in cpio-2.13
> >
> > Patch:
> >
> > diff --git a/src/tar.c b/src/tar.c
> > index 99ef8a2..a5873e7 100644
> > --- a/src/tar.c
> > +++ b/src/tar.c
> > @@ -146,6 +146,7 @@ write_out_tar_header (struct cpio_file_stat
> *file_hdr,
> > int out_des)
> >    name_len = strlen (file_hdr->c_name);
> >    if (name_len <= TARNAMESIZE)
> >      {
> > +      memset(tar_hdr->name, '\0', name_len+1);
> >        strncpy (tar_hdr->name, file_hdr->c_name, name_len);
> >      }
> >    else
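Review bot: the length passed to the added memset, name_len+1, is out of bounds at the edge of this branch. The guard is name_len <= TARNAMESIZE, so when name_len == TARNAMESIZE the call clears TARNAMESIZE+1 bytes, one more than a TARNAMESIZE-byte name field holds. Clear a fixed length instead, for example memset (tar_hdr->name, '\0', TARNAMESIZE) or sizeof tar_hdr->name, so the write never depends on the input length. The following strncpy copies exactly name_len bytes and adds no terminator, so zeroing the whole field first is what keeps the unused tail NUL-filled. Style: the surrounding calls put a space before the opening parenthesis (strlen (, strncpy (), and the new line should match.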
>
> This is obviously incorrect because it would write past the tar_hdr->name
> array in case (name_len == TARNAMESIZE).
>

Actually you are right, the best option might be:

memset(tar_hdr->name, '\0', TARNAMESIZE);

Thanks!

Ondrej

>
> Kamil
>
>
>
