summary refs log tree commit diff
path: root/gnu/packages/patches/sharutils-CVE-2018-1000097.patch
blob: 8d58218184e237319370583c2fdd238c617abd0c (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Fix CVE-2018-1000097:

https://security-tracker.debian.org/tracker/CVE-2018-1000097
https://nvd.nist.gov/vuln/detail/CVE-2018-1000097

Patch taken from upstream bug report:
https://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00005.html

diff --git a/src/unshar.c b/src/unshar.c
index 80bc3a9..0fc3773 100644
--- a/src/unshar.c
+++ b/src/unshar.c
@@ -240,7 +240,7 @@ find_archive (char const * name, FILE * file, off_t start)
       off_t position = ftello (file);
 
       /* Read next line, fail if no more and no previous process.  */
-      if (!fgets (rw_buffer, BUFSIZ, file))
+      if (!fgets (rw_buffer, rw_base_size, file))
 	{
 	  if (!start)
 	    error (0, 0, _("Found no shell commands in %s"), name);