Fix possible buffer overflow (thanks to Mikkel Kamstrup for pointing that out!)

1 files changed, 4 insertions, 2 deletions

diff --git a/src/ideviceinstaller.c b/src/ideviceinstaller.c
index 81ce145..e1f995b 100644
--- a/src/ideviceinstaller.c
+++ b/src/ideviceinstaller.c
@@ -913,8 +913,7 @@ run_again:
                         zbuf = NULL;
                         len = 0;
                         plist_t info = NULL;
-                        char filename[256];
-                        filename[0] = '\0';
+                        char* filename = NULL;
                         char* app_directory_name = NULL;
 
                         if (zip_get_app_directory(zf, &app_directory_name)) {
@@ -923,6 +922,7 @@ run_again:
                         }
 
                         /* construct full filename to Info.plist */
+                        filename = (char*)malloc(strlen(app_directory_name)+10+1);
                         strcpy(filename, app_directory_name);
                         free(app_directory_name);
                         app_directory_name = NULL;
@@ -930,10 +930,12 @@ run_again:
 
                         if (zip_get_contents(zf, filename, 0, &zbuf, &len) < 0) {
                                 fprintf(stderr, "WARNING: could not locate %s in archive!\n", filename);
+                                free(filename);
                                 zip_unchange_all(zf);
                                 zip_close(zf);
                                 goto leave_cleanup;
                         }
+                        free(filename);
                         if (memcmp(zbuf, "bplist00", 8) == 0) {
                                 plist_from_bin(zbuf, len, &info);
                         } else {