blob: f61662040b6ad3f11e44425a12b5bd5a9943c021 (
plain) (
tree)
|
|
From: Petr Pisar
Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
Bug-Debian: https://bugs.debian.org/893525
X-Debian-version: 1:4.15.2-3
--- a/src/unshar.c
+++ b/src/unshar.c
@@ -240,7 +240,7 @@
off_t position = ftello (file);
/* Read next line, fail if no more and no previous process. */
- if (!fgets (rw_buffer, BUFSIZ, file))
+ if (!fgets (rw_buffer, rw_base_size, file))
{
if (!start)
error (0, 0, _("Found no shell commands in %s"), name);
|