summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenis Vlasenko2006-09-03 16:33:58 +0000
committerDenis Vlasenko2006-09-03 16:33:58 +0000
commit1da6a2166621d26f84cfb9b8711ded657fdf8d37 (patch)
tree7d6dabb6e5fd834703b9db810393ad0d514aac47
parent21afc7dc291f1cb11feec7a9766bf3542545f581 (diff)
downloadbusybox-1da6a2166621d26f84cfb9b8711ded657fdf8d37.zip
busybox-1da6a2166621d26f84cfb9b8711ded657fdf8d37.tar.gz
dpkg: fix buffer overflow (bug 983)
-rw-r--r--archival/dpkg.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/archival/dpkg.c b/archival/dpkg.c
index 0e57720..ac46833 100644
--- a/archival/dpkg.c
+++ b/archival/dpkg.c
@@ -1522,6 +1522,7 @@ static void unpack_package(deb_file_t *deb_file)
const unsigned int status_num = search_status_hashtable(package_name);
const unsigned int status_package_num = status_hashtable[status_num]->package;
char *info_prefix;
+ char *list_filename;
archive_handle_t *archive_handle;
FILE *out_stream;
llist_t *accept_list = NULL;
@@ -1570,8 +1571,8 @@ static void unpack_package(deb_file_t *deb_file)
unpack_ar_archive(archive_handle);
/* Create the list file */
- strcat(info_prefix, "list");
- out_stream = xfopen(info_prefix, "w");
+ list_filename = bb_xasprintf("/var/lib/dpkg/info/%s.list", package_name);
+ out_stream = bb_xfopen(list_filename, "w");
while (archive_handle->sub_archive->passed) {
/* the leading . has been stripped by data_extract_all_prefix already */
fputs(archive_handle->sub_archive->passed->data, out_stream);
@@ -1585,6 +1586,7 @@ static void unpack_package(deb_file_t *deb_file)
set_status(status_num, "unpacked", 3);
free(info_prefix);
+ free(list_filename);
}
static void configure_package(deb_file_t *deb_file)