HardenedBSD Package Manager
add: fix potential heap overflow
Baptiste Daroussin committed 2 months ago
commit 7f34fff9258a7db7ba6a1858ce151fc4debf7999
parent 8b5b21a2c7647b45884dcbbdd4fbf885bd6a5472
1 file changed +4 -0
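--- a/libpkg/pkg_add.c
+++ b/libpkg/pkg_add.c
@@ -771,6 +771,10 @@ create_regfile(struct pkg_add_context *context, struct pkg_file *f, struct archi
 			const char *merge_tool = pkg_object_string(pkg_config_get("MERGETOOL"));
 
 			pkg_debug(1, "Populating config_file %s", f->path);
+			if (archive_entry_size(ae) < 0) {
+				pkg_emit_error("Invalid config file size for %s", f->path);
+				return (EPKG_FATAL);
+			}
 			len = archive_entry_size(ae);
 			f->config->content = xmalloc(len + 1);
 			archive_read_data(a, f->config->content, len);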
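Review bot: The added guard rejects only a negative `archive_entry_size(ae)`; the size from the archive header is still assigned to `len` with no upper bound. The declaration of `len` is outside this hunk, so if it is narrower than the 64-bit value libarchive returns, a large entry size could still be truncated before `xmalloc(len + 1)`. The result of `archive_read_data(a, f->config->content, len)` is also not checked in the visible lines, so a short or failed read would leave part of the buffer unwritten. I would read the size once into a 64-bit local, reject values above a sane config-file limit in the same `if`, and compare the read result with `len`, returning `EPKG_FATAL` on mismatch. The body of create_regfile starts and ends outside the hunk.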