From 91241c4208af0e46b36777ab1ddf9dbbcb67fae1 Mon Sep 17 00:00:00 2001
From: Scott James Remnant <keybuk@debian.org>
Date: Mon, 8 Mar 2004 17:36:29 +0000
Subject: [PATCH] Apply patch to fix #232025; the tar spec doesn't require a
 100-char filename to end with a NULL terminator, so we have to copy it out of
 the header carefully.

---
 ChangeLog        |  7 +++++++
 debian/changelog |  1 +
 lib/tarfn.c      | 21 +++++++++++++++++++--
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7fb9f392..5035f1af 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Thu Mar  4 13:28:11 GMT 2004 Scott James Remnant <scott@netsplit.com>
+
+  * lib/tarfn.c: Copy the Name and LinkName elements and ensure they
+  are NULL-terminated, freeing these copies before returning.  The
+  tar spec doesn't require a NULL byte if the filename is exactly
+  100 characters long.
+
 Sun Feb 29 21:56:25 GMT 2004 Scott James Remnant <scott@netsplit.com>
 
   * scripts/dpkg-checkbuilddeps.pl: Push build-conflicts errors into
diff --git a/debian/changelog b/debian/changelog
index efe9a31a..9a1c4ae1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ dpkg (1.10.19) unstable; urgency=low
 
   * Distinguish unmet build dependencies from build conflicts.
     Closes: #217943, #235266.
+  * Force NULL-termination of all tar file entry names.  Closes: #232025.
 
  -- Scott James Remnant <scott@netsplit.com>  UNRELEASED
 
diff --git a/lib/tarfn.c b/lib/tarfn.c
index 803b1f0f..710e2ed2 100644
--- a/lib/tarfn.c
+++ b/lib/tarfn.c
@@ -51,6 +51,21 @@ OtoL(const char * s, int size)
 	return n;
 }
 
+/* String block to C null-terminated string */
+char *
+StoC(const char *s, int size)
+{
+	int	len;
+	char *	str;
+
+	len = strnlen(s, size);
+	str = malloc(len + 1);
+	memcpy(str, s, len);
+	str[len] = 0;
+
+	return str;
+}
+
 static int
 DecodeTarHeader(char * block, TarInfo * d)
 {
@@ -67,8 +82,8 @@ DecodeTarHeader(char * block, TarInfo * d)
 	if ( *h->GroupName )
 		group = getgrnam(h->GroupName);
 
-	d->Name = h->Name;
-	d->LinkName = h->LinkName;
+	d->Name = StoC(h->Name, sizeof(h->Name));
+	d->LinkName = StoC(h->LinkName, sizeof(h->LinkName));
 	d->Mode = (mode_t)OtoL(h->Mode, sizeof(h->Mode));
 	d->Size = (size_t)OtoL(h->Size, sizeof(h->Size));
 	d->ModTime = (time_t)OtoL(h->ModificationTime
@@ -267,6 +282,8 @@ TarExtractor(
 		symListPointer = symListBottom;
 	}
 	free(symListPointer);
+	free(h.Name);
+	free(h.LinkName);
 	if ( status > 0 ) {	/* Read partial header record */
 		errno = 0;	/* Indicates broken tarfile */
 		return -1;
-- 
2.39.5