void-packages/srcpkgs/sharutils/patches/CVE-2018-1000097.patch

16 lines
471 B
Diff

From: Petr Pisar
Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
Bug-Debian: https://bugs.debian.org/893525
--- a/src/unshar.c
+++ b/src/unshar.c
@@ -240,7 +240,7 @@
off_t position = ftello (file);
/* Read next line, fail if no more and no previous process. */
- if (!fgets (rw_buffer, BUFSIZ, file))
+ if (!fgets (rw_buffer, rw_base_size, file))
{
if (!start)
error (0, 0, _("Found no shell commands in %s"), name);