d04b957 pkg: prevent potential stack overflow — HardenedBSD-pkg

rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9

HardenedBSD Package Manager

pkg: prevent potential stack overflow

Baptiste Daroussin committed 2 months ago

commit d04b9575db3a4630561db9186eb85c72a68d6c35
parent 7b98991

1 file changed +5 -1

modified libpkg/pkg_repo.c

@@ -248,18 +248,22 @@ struct pkg_extract_cbdata {

 static int
 pkg_repo_write_sig_from_archive(struct archive *a, int fd, size_t siglen)
 {
 	char sig[siglen];
 	char *sig;
 	sig = xmalloc(siglen);
 	if (archive_read_data(a, sig, siglen) == -1) {
 		pkg_emit_errno("pkg_repo_meta_extract_signature",
 		    "archive_read_data failed");
 		free(sig);
 		return (EPKG_FATAL);
 	}
 	if (write(fd, sig, siglen) == -1) {
 		pkg_emit_errno("pkg_repo_meta_extract_signature",
 		    "write failed");
 		free(sig);
 		return (EPKG_FATAL);
 	}
 	free(sig);
 	return (EPKG_OK);
 }