From 422cb50e4ee5fac51223e4c8b69cb64f19f3178b Mon Sep 17 00:00:00 2001
From: Tibor Nagy
Date: Thu, 1 Oct 2020 00:03:22 +0200
Subject: [PATCH] Userland: Fix buffer overflow in unzip

It's not a great idea reading file names into a 4 byte sized buffer.
---
 Userland/unzip.cpp | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/Userland/unzip.cpp b/Userland/unzip.cpp
index f88e414892..2617c353de 100644
--- a/Userland/unzip.cpp
+++ b/Userland/unzip.cpp
@@ -115,10 +115,9 @@ static bool unpack_file_for_central_directory_index(off_t central_directory_inde
 return false;
 off_t extra_field_length = buffer[1] << 8 | buffer[0];
- if (!seek_and_read(buffer, file, local_file_header_index + LFHFileNameBaseOffset, file_name_length))
- return false;
 char file_name[file_name_length + 1];
- memcpy(file_name, buffer, file_name_length);
+ if (!seek_and_read((u8*)file_name, file, local_file_header_index + LFHFileNameBaseOffset, file_name_length))
+ return false;
 file_name[file_name_length] = '\0';
 if (file_name[file_name_length - 1] == '/') {
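Review bot: The last line of the hunk, `if (file_name[file_name_length - 1] == '/')`, still reads one byte before `file_name` when the archive declares a zero-length name, because the fix changes where the name is read but does not validate the length itself. `file_name_length` is parsed outside this hunk, presumably from a two-byte header field like `extra_field_length`, so it comes from the archive and also sizes the stack VLA `char file_name[file_name_length + 1]`. I would reject the entry up front with `if (file_name_length == 0) return false;` before the declaration, and consider a heap-allocated buffer instead of a VLA for archive-supplied sizes. The function body starts and ends outside the hunk, so any later use of `file_name` as a path is not visible here and is worth checking separately.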