From 613ec55ae6441c0177859ac7f49b92a133979465 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Fri, 14 Mar 2014 10:41:52 +0100
Subject: Fix possible buffer overflow (thanks to Mikkel Kamstrup for pointing that out!)

---
 src/ideviceinstaller.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/ideviceinstaller.c b/src/ideviceinstaller.c
index 81ce145..e1f995b 100644
--- a/src/ideviceinstaller.c
+++ b/src/ideviceinstaller.c
@@ -913,8 +913,7 @@ run_again:
 	zbuf = NULL;
 	len = 0;
 	plist_t info = NULL;
-	char filename[256];
-	filename[0] = '\0';
+	char* filename = NULL;
 	char* app_directory_name = NULL;
 
 	if (zip_get_app_directory(zf, &app_directory_name)) {
@@ -923,6 +922,7 @@ run_again:
 	}
 
 	/* construct full filename to Info.plist */
+	filename = (char*)malloc(strlen(app_directory_name)+10+1);
 	strcpy(filename, app_directory_name);
 	free(app_directory_name);
 	app_directory_name = NULL;
@@ -930,10 +930,12 @@ run_again:
 
 	if (zip_get_contents(zf, filename, 0, &zbuf, &len) < 0) {
 		fprintf(stderr, "WARNING: could not locate %s in archive!\n", filename);
+		free(filename);
 		zip_unchange_all(zf);
 		zip_close(zf);
 		goto leave_cleanup;
 	}
+	free(filename);
 	if (memcmp(zbuf, "bplist00", 8) == 0) {
 		plist_from_bin(zbuf, len, &info);
 	} else {
-- 
cgit v1.1-32-gdbae
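Review bot: The `malloc` result on the added line in the second hunk is passed straight to `strcpy` without a NULL check, so an allocation failure becomes a NULL dereference, and the `+10` silently encodes the length of `Info.plist` that the comment above says is being appended. I would size the buffer from the suffix itself and take the same bail-out path the lookup failure in the third hunk uses: `filename = malloc(strlen(app_directory_name) + sizeof("Info.plist"));` followed by `if (!filename) { free(app_directory_name); zip_unchange_all(zf); zip_close(zf); goto leave_cleanup; }`. The cast on `malloc` is also unnecessary in C. The suffix is presumably appended by a `strcat` just past this hunk, so the enclosing function continues outside the hunk on both sides.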