Package: sharutils / 1:4.15.2-4

01-fix-heap-buffer-overflow-cve-2018-1000097.patch
From: Petr Pisar
Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar
Bug-Debian: https://bugs.debian.org/893525
X-Debian-version: 1:4.15.2-3

--- a/src/unshar.c
+++ b/src/unshar.c
@@ -240,7 +240,7 @@
       off_t position = ftello (file);
 
       /* Read next line, fail if no more and no previous process.  */
-      if (!fgets (rw_buffer, BUFSIZ, file))
+      if (!fgets (rw_buffer, rw_base_size, file))
 	{
 	  if (!start)
 	    error (0, 0, _("Found no shell commands in %s"), name);
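Review bot: The corrected bound on the `fgets` call is only safe if `rw_buffer` is allocated with at least `rw_base_size` bytes, and nothing at the call site records that invariant; the allocation is outside the hunk, so it should be confirmed and stated. I would extend the existing comment, e.g. `/* Read next line into rw_buffer (rw_base_size bytes, not BUFSIZ); fail if no more and no previous process.  */`. `fgets` takes an `int` size, so if `rw_base_size` is declared as `size_t` the implicit narrowing is worth checking too. A line longer than the buffer is presumably returned in pieces, so the matching code after this call (not visible here) may treat a mid-line fragment as the start of a line. The enclosing function begins and ends outside the hunk.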