File sharutils-CVE-2018-1000097-fix_buffer_overflow.patch of Package sharutils

---
 src/unshar.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Index: src/unshar.c
===================================================================
--- src/unshar.c.orig	2015-01-07 03:14:10.000000000 +0100
+++ src/unshar.c	2018-03-13 10:21:47.491268510 +0100
@@ -107,7 +107,8 @@ looks_like_c_code (char const * buf)
 static bool
 looks_like_shell_code (char const * buf)
 {
-  while (isspace ((int) *buf))  buf++;
+  intptr_t buf_end = buf + rw_base_size;
+  while (isspace ((int) *buf) && buf < buf_end)  buf++;
   switch (*buf)
     {
     case '#': case ':':
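Review bot: In the rewritten loop of looks_like_shell_code the dereference `*buf` is evaluated before `buf < buf_end`, so once buf reaches the bound the byte past it is still read, and the `switch (*buf)` that follows reads it again. `buf_end` is also declared `intptr_t` and initialised from a pointer without a cast, which turns `buf < buf_end` into a pointer/integer comparison; declaring it `char const *` keeps the comparison well-typed. I would write `char const *buf_end = buf + rw_base_size;`, then `while (buf < buf_end && isspace ((unsigned char) *buf))  buf++;`, and add `if (buf == buf_end) return false;` before the switch. The bound is only correct if callers pass the start of a buffer of rw_base_size bytes, which is not visible here, and the function body continues past the end of the hunk.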
@@ -240,7 +241,7 @@ find_archive (char const * name, FILE *
       off_t position = ftello (file);
 
       /* Read next line, fail if no more and no previous process.  */
-      if (!fgets (rw_buffer, BUFSIZ, file))
+      if (!fgets (rw_buffer, GET_PAGE_SIZE, file))
 	{
 	  if (!start)
 	    error (0, 0, _("Found no shell commands in %s"), name);
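Review bot: The fgets limit is now `GET_PAGE_SIZE`, while the bound added in looks_like_shell_code uses `rw_base_size`; if both are meant to be the size of rw_buffer, naming the same variable in both places keeps the read limit and the scan bound from drifting apart, e.g. `if (!fgets (rw_buffer, rw_base_size, file))`. The allocation of rw_buffer is outside this hunk, so which value actually sizes it should be confirmed, and a short comment such as `/* rw_buffer holds rw_base_size bytes */` at the call would record that. fgets takes an `int` count, so a wider size value needs a range check or an explicit cast. find_archive begins and ends outside the hunk.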