author | Nikias Bassen | 2014-03-14 10:41:52 +0100 |
---|---|---|
committer | Nikias Bassen | 2014-03-14 10:41:52 +0100 |
commit | 613ec55ae6441c0177859ac7f49b92a133979465 (patch) | |
tree | b15232d9b3f5a71f2f2b7ace53e681dc94730b78 | |
parent | 00ab62a8ea9518b73f1ad98fbbf504b9d54d920c (diff) | |
Fix possible buffer overflow (thanks to Mikkel Kamstrup for pointing that out!)
-rw-r--r-- | src/ideviceinstaller.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/ideviceinstaller.c b/src/ideviceinstaller.c
index 81ce145..e1f995b 100644
--- a/src/ideviceinstaller.c
+++ b/src/ideviceinstaller.c
@@ -913,8 +913,7 @@ run_again:
 zbuf = NULL;
 len = 0;
 plist_t info = NULL;
- char filename[256];
- filename[0] = '\0';
+ char* filename = NULL;
 char* app_directory_name = NULL;
 if (zip_get_app_directory(zf, &app_directory_name)) {
@@ -923,6 +922,7 @@ run_again:
 }
 /* construct full filename to Info.plist */
+ filename = (char*)malloc(strlen(app_directory_name)+10+1);
 strcpy(filename, app_directory_name);
 free(app_directory_name);
 app_directory_name = NULL;
@@ -930,10 +930,12 @@ run_again:
 if (zip_get_contents(zf, filename, 0, &zbuf, &len) < 0) {
 fprintf(stderr, "WARNING: could not locate %s in archive!\n", filename);
+ free(filename);
 zip_unchange_all(zf);
 zip_close(zf);
 goto leave_cleanup;
 }
+ free(filename);
 if (memcmp(zbuf, "bplist00", 8) == 0) {
 plist_from_bin(zbuf, len, &info);
 } else { |
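Review bot: The `malloc` added in the second hunk (`@@ -923,6 +922,7 @@`) is passed straight to `strcpy` with no NULL check, so an allocation failure while handling an archive-supplied directory name becomes a write through a null pointer. The `+10+1` also hard-codes the length of the suffix appended just after this hunk (presumably "Info.plist", going by the comment), so the size and the append can drift apart; deriving it from the literal with `sizeof` keeps them tied together. The failure branch below reuses the cleanup sequence from the third hunk's error path; whether other resources need releasing there cannot be confirmed from the visible lines, since the enclosing block starts and ends outside the hunk.

```c
/* construct full filename to Info.plist */
filename = malloc(strlen(app_directory_name) + sizeof("Info.plist"));
if (!filename) {
	fprintf(stderr, "ERROR: Out of memory\n");
	free(app_directory_name);
	zip_unchange_all(zf);
	zip_close(zf);
	goto leave_cleanup;
}
strcpy(filename, app_directory_name);
/* … unchanged: free app_directory_name, append the file name … */
```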
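Review bot: `memcmp(zbuf, "bplist00", 8)` at the end of the third hunk (`@@ -930,10 +930,12 @@`) compares eight bytes without consulting `len`, which is filled in from the archive entry. If `zip_get_contents` can hand back a buffer shorter than eight bytes (its implementation is not visible here), a truncated Info.plist would cause a read past the end of `zbuf`. Guarding the test closes that, for example `if (len >= 8 && memcmp(zbuf, "bplist00", 8) == 0) {`. The line is context rather than part of this change, but it sits in the same archive-parsing path the commit hardens, and the `if`/`else` continues outside the hunk.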