From: Petr Pisar | |
Subject: Fix CVE-2018-1000097, heap buffer overflow in unshar | |
Bug-Debian: https://bugs.debian.org/893525 | |
X-Debian-version: 1:4.15.2-3 | |
--- a/src/unshar.c | |
+++ b/src/unshar.c | |
@@ -240,7 +240,7 @@ | |
off_t position = ftello (file); | |
/* Read next line, fail if no more and no previous process. */ | |
- if (!fgets (rw_buffer, BUFSIZ, file)) | |
+ if (!fgets (rw_buffer, rw_base_size, file)) | |
{ | |
if (!start) | |
error (0, 0, _("Found no shell commands in %s"), name); |