authorGravatar Nikias Bassen2014-03-14 10:41:52 +0100
committerGravatar Nikias Bassen2014-03-14 10:41:52 +0100
commit613ec55ae6441c0177859ac7f49b92a133979465 (patch)
treeb15232d9b3f5a71f2f2b7ace53e681dc94730b78
parent00ab62a8ea9518b73f1ad98fbbf504b9d54d920c (diff)
downloadideviceinstaller-613ec55ae6441c0177859ac7f49b92a133979465.tar.gz
ideviceinstaller-613ec55ae6441c0177859ac7f49b92a133979465.tar.bz2
Fix possible buffer overflow (thanks to Mikkel Kamstrup for pointing that out!)
-rw-r--r--src/ideviceinstaller.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/ideviceinstaller.c b/src/ideviceinstaller.c
index 81ce145..e1f995b 100644
--- a/src/ideviceinstaller.c
+++ b/src/ideviceinstaller.c
@@ -913,8 +913,7 @@ run_again:
zbuf = NULL;
len = 0;
plist_t info = NULL;
- char filename[256];
- filename[0] = '\0';
+ char* filename = NULL;
char* app_directory_name = NULL;
if (zip_get_app_directory(zf, &app_directory_name)) {
@@ -923,6 +922,7 @@ run_again:
}
/* construct full filename to Info.plist */
+ filename = (char*)malloc(strlen(app_directory_name)+10+1);
strcpy(filename, app_directory_name);
free(app_directory_name);
app_directory_name = NULL;
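Review bot: The result of the added `malloc` goes straight into `strcpy` on the next line, so an allocation failure becomes a write through a NULL pointer; the call needs a check that frees `app_directory_name` and takes the same exit path the `zip_get_contents` failure uses in the following hunk. The `+10+1` presumably stands for the length of "Info.plist" plus the terminator, appended on a line that falls outside this hunk; deriving it from the literal with `sizeof("Info.plist")` keeps the allocation size and the appended string from drifting apart. The cast on `malloc` is unnecessary in C. The enclosing block starts and ends outside the hunk, so the cleanup sequence below is modelled on the visible error path and should be confirmed against what `leave_cleanup` expects.
```c
/* construct full filename to Info.plist */
filename = malloc(strlen(app_directory_name) + sizeof("Info.plist"));
if (!filename) {
	fprintf(stderr, "ERROR: Out of memory\n");
	free(app_directory_name);
	zip_unchange_all(zf);
	zip_close(zf);
	goto leave_cleanup;
}
// … unchanged: strcpy of app_directory_name, free and reset of app_directory_name …
```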
@@ -930,10 +930,12 @@ run_again:
if (zip_get_contents(zf, filename, 0, &zbuf, &len) < 0) {
fprintf(stderr, "WARNING: could not locate %s in archive!\n", filename);
+ free(filename);
zip_unchange_all(zf);
zip_close(zf);
goto leave_cleanup;
}
+ free(filename);
if (memcmp(zbuf, "bplist00", 8) == 0) {
plist_from_bin(zbuf, len, &info);
} else {
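Review bot: `memcmp(zbuf, "bplist00", 8)` reads eight bytes without consulting `len`, so an Info.plist entry shorter than that in an untrusted archive could be read past its end, assuming `zip_get_contents` sizes `zbuf` to the entry; the condition should be `if (len >= 8 && memcmp(zbuf, "bplist00", 8) == 0) {`. These are context lines the commit leaves untouched, and the `if`/`else` body continues outside the hunk. On the added lines, `free(filename);` on the success path leaves the pointer dangling while it is still in scope; following the `app_directory_name` handling earlier in the diff with `filename = NULL;` would keep the two consistent.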