author | Timo Teräs <timo.teras@iki.fi> | 2023-04-10 20:22:39 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2023-04-10 20:22:39 +0300 |
commit | 19d66502e1e1e6200d2abf6a76624eaf275be215 (patch) | |
tree | d5efcf85ff30f158fcc67278c5f0e238f4a377b6 | |
parent | c50c017874fa8e8328440e3430bd204e12c5c64f (diff) | |
io: harden apk_fileinfo_get
Do not attempt to get xattrs from symlinks. Their extraction is not
supported either.
Do not use alloca.
-rw-r--r-- | src/io.c | 8 |
1 files changed, 3 insertions, 5 deletions
@@ -793,7 +793,7 @@ int apk_fileinfo_get(int atfd, const char *filename, unsigned int flags,
 .device = st.st_rdev,
 };
- if (xattr_hash_alg != APK_DIGEST_NONE) {
+ if (xattr_hash_alg != APK_DIGEST_NONE && !S_ISLNK(fi->mode)) {
 ssize_t len, vlen;
 int fd, i, r;
 char val[1024], buf[1024];
@@ -831,12 +831,10 @@ int apk_fileinfo_get(int atfd, const char *filename, unsigned int flags,
 /* Checksum file content */
 if ((flags & APK_FI_NOFOLLOW) && S_ISLNK(st.st_mode)) {
- char *target = alloca(st.st_size);
- if (target == NULL)
- return -ENOMEM;
+ char target[PATH_MAX];
+ if (st.st_size > sizeof target) return -ENOMEM;
 if (readlinkat(atfd, filename, target, st.st_size) < 0)
 return -errno;
-
 apk_digest_calc(&fi->digest, hash_alg, target, st.st_size);
 } else {
 struct apk_istream *is = apk_istream_from_file(atfd, filename); |
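Review bot: The new `!S_ISLNK(fi->mode)` guard in the xattr condition of the first hunk has no comment saying why symlinks are excluded, and it tests `fi->mode` while the symlink branch further down the same function tests `st.st_mode`. A one-line comment above the `if`, such as `/* xattrs of symlinks are never extracted, so do not read or hash them */`, would record the rationale that currently lives only in the commit message. Using `S_ISLNK(st.st_mode)` in both places would make it obvious that the two checks agree. The initialiser ending in `.device = st.st_rdev` suggests `fi->mode` is copied from `st`, but that assignment is outside the hunk, as are the start and end of apk_fileinfo_get.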
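Review bot: The return value of `readlinkat()` in the symlink branch of the second hunk is only tested for `< 0`, so the digest is still computed over `st.st_size` bytes even when the call wrote fewer. If the link is replaced by a shorter one between the stat and the read, the tail of `target` is uninitialised stack memory and ends up in the checksum. Keeping the length, `ssize_t n = readlinkat(atfd, filename, target, st.st_size);` with `if (n < 0) return -errno;`, and passing `n` to `apk_digest_calc()` (or failing when `n != st.st_size`) closes that gap. The size check also compares the signed `st.st_size` with an unsigned `sizeof`, and `-ENAMETOOLONG` would describe an oversized target better than `-ENOMEM`. The function body continues outside the hunk.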