Fix out-of-bounds read

* src/copyin.c (process_copy_in): Skip records with zero filename length.

1 files changed, 23 insertions, 18 deletions

diff --git a/src/copyin.c b/src/copyin.c
index cde911e..05279d2 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -1378,30 +1378,35 @@ process_copy_in ()
 
 	}
 #endif
-      /* Is this the header for the TRAILER file?  */
-      if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0)
+      if (file_hdr.c_namesize == 0)
+	skip_file = true;
+      else
 	{
-	  done = true;
-	  break;
-	}
+	  /* Is this the header for the TRAILER file?  */
+	  if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0)
+	    {
+	      done = true;
+	      break;
+	    }
 
-      cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
-			      false);
+	  cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
+				  false);
       
-      /* Does the file name match one of the given patterns?  */
-      if (num_patterns <= 0)
-	skip_file = false;
-      else
-	{
-	  skip_file = copy_matching_files;
-	  for (i = 0; i < num_patterns
-	       && skip_file == copy_matching_files; i++)
+	  /* Does the file name match one of the given patterns?  */
+	  if (num_patterns <= 0)
+	    skip_file = false;
+	  else
 	    {
-	      if (fnmatch (save_patterns[i], file_hdr.c_name, 0) == 0)
-		skip_file = !copy_matching_files;
+	      skip_file = copy_matching_files;
+	      for (i = 0; i < num_patterns
+		     && skip_file == copy_matching_files; i++)
+		{
+		  if (fnmatch (save_patterns[i], file_hdr.c_name, 0) == 0)
+		    skip_file = !copy_matching_files;
+		}
 	    }
 	}
-
+      
       if (skip_file)
 	{
 	  /* If we're skipping a file with links, there might be other