mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-15 19:35:25 -05:00
22 lines
723 B
Diff
22 lines
723 B
Diff
|
Fix CVE-2018-1000097:
|
||
|
|
||
|
https://security-tracker.debian.org/tracker/CVE-2018-1000097
|
||
|
https://nvd.nist.gov/vuln/detail/CVE-2018-1000097
|
||
|
|
||
|
Patch taken from upstream bug report:
|
||
|
https://lists.gnu.org/archive/html/bug-gnu-utils/2018-02/msg00005.html
|
||
|
|
||
|
diff --git a/src/unshar.c b/src/unshar.c
|
||
|
index 80bc3a9..0fc3773 100644
|
||
|
--- a/src/unshar.c
|
||
|
+++ b/src/unshar.c
|
||
|
@@ -240,7 +240,7 @@ find_archive (char const * name, FILE * file, off_t start)
|
||
|
off_t position = ftello (file);
|
||
|
|
||
|
/* Read next line, fail if no more and no previous process. */
|
||
|
- if (!fgets (rw_buffer, BUFSIZ, file))
|
||
|
+ if (!fgets (rw_buffer, rw_base_size, file))
|
||
|
{
|
||
|
if (!start)
|
||
|
error (0, 0, _("Found no shell commands in %s"), name);
|