diff options
author | kientzle <kientzle@FreeBSD.org> | 2008-05-27 04:46:12 +0000 |
---|---|---|
committer | kientzle <kientzle@FreeBSD.org> | 2008-05-27 04:46:12 +0000 |
commit | 456ca43f89f09bbc298c6cb81599ad3859b84efb (patch) | |
tree | 3757febcf8db69de959367a3044a5d3b6fd11aa6 /lib | |
parent | e2011087ec9a77fef90cb3ba5456a0e45d1e14ca (diff) | |
download | FreeBSD-src-456ca43f89f09bbc298c6cb81599ad3859b84efb.zip FreeBSD-src-456ca43f89f09bbc298c6cb81599ad3859b84efb.tar.gz |
Minor code hardening: Verify the final bytes of the string
are actually accessible before trying to use them.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libarchive/archive_read_support_format_tar.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/libarchive/archive_read_support_format_tar.c b/lib/libarchive/archive_read_support_format_tar.c index f25916b..3dd4cda 100644 --- a/lib/libarchive/archive_read_support_format_tar.c +++ b/lib/libarchive/archive_read_support_format_tar.c @@ -2362,7 +2362,7 @@ url_decode(const char *in) if (out == NULL) return (NULL); for (s = in, d = out; *s != '\0'; ) { - if (*s == '%') { + if (s[0] == '%' && s[1] != '\0' && s[2] != '\0') { /* Try to convert % escape */ int digit1 = tohex(s[1]); int digit2 = tohex(s[2]); |