Module Name:	src
Committed By:	christos
Date:		Wed Apr 15 02:29:13 UTC 2015

Modified Files:
	src/usr.bin/gzip: gzip.c

Log Message:
Coverity CID 1264915, Via FreeBSD (Xin Li)

When reading in the original file name from gzip header, we read
in PATH_MAX + 1 bytes from the file. In r281500, strrchr() is
used to strip possible path portion of the file name to mitigate
a possible attack. Unfortunately, strrchr() expects a buffer that
is NUL-terminated, and since we are processing potentially untrusted
data, we can not assert that to be always true.

Solve this by reading in one less byte (now PATH_MAX) and explicitly
terminate the buffer after the read size with NUL.

To generate a diff of this commit:
cvs rdiff -u -r1.107 -r1.108 src/usr.bin/gzip/gzip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
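
The pattern the log message describes, as an added C sketch that is not the gzip.c code from this commit: take at most PATH_MAX bytes of untrusted name data, terminate explicitly after the bytes read, and only then call strrchr(). The helper name `read_orig_name` and the in-memory source buffer standing in for the file read are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/*
 * Hypothetical helper (not from gzip.c): copy the stored file name out of
 * the untrusted bytes `src` (length `srclen`) into `name`, which must hold
 * PATH_MAX + 1 bytes, and return the basename inside `name`.
 *
 * The unsafe variant takes PATH_MAX + 1 bytes and calls strrchr() at once:
 * if none of those bytes is NUL, strrchr() scans past the end of `name`.
 */
const char *
read_orig_name(const unsigned char *src, size_t srclen, char name[PATH_MAX + 1])
{
	/* Take at most PATH_MAX bytes, leaving room for the terminator. */
	size_t rbytes = srclen < PATH_MAX ? srclen : PATH_MAX;
	const char *slash;

	memcpy(name, src, rbytes);
	/* Terminate explicitly right after the bytes actually read. */
	name[rbytes] = '\0';

	/* strrchr() is now bounded: it stops at name[rbytes] at the latest. */
	slash = strrchr(name, '/');
	return slash != NULL ? slash + 1 : name;
}

int
main(void)
{
	/* Constructed input: PATH_MAX + 1 bytes with no NUL among them. */
	static unsigned char hostile[PATH_MAX + 1];
	static char name[PATH_MAX + 1];

	memset(hostile, 'A', sizeof(hostile));
	hostile[3] = '/';
	printf("basename length: %zu\n",
	    strlen(read_orig_name(hostile, sizeof(hostile), name)));
	return 0;
}
```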