Skip to content
Permalink
Browse files

Avoid a read off-by-one error for UTF16 names in RAR archives.

Reported-By: OSS-Fuzz issue 573
  • Loading branch information...
jsonn committed Sep 9, 2017
1 parent add25e4 commit 5562545b5562f6d12a4ef991fae158bf4ccf92b6
Showing with 5 additions and 1 deletion.
  1. +5 −1 libarchive/archive_read_support_format_rar.c
@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry,
return (ARCHIVE_FATAL);
}
filename[filename_size++] = '\0';
filename[filename_size++] = '\0';
/*
* Do not increment filename_size here as the computations below
* add the space for the terminating NUL explicitly.
*/
filename[filename_size] = '\0';

/* Decoded unicode form is UTF-16BE, so we have to update a string
* conversion object for it. */

1 comment on commit 5562545

@carnil

This comment has been minimized.

Copy link

commented on 5562545 Sep 17, 2017

The issue fixed by this commit was assigned CVE-2017-14502

Please sign in to comment.
You can’t perform that action at this time.