Fix libtar treatment of link targets that fill the header field

The tar header has a 100 byte field for symlink and hard link targets.
If the target is longer than 100 bytes, an extension header has to be
used.

However, it is perfectly valid to fill all 100 bytes to the brim
without adding a null terminator. In case of a symlink, this can
result in garbage link targets, while for hard links it results in
an immediate error since the target cannot be resolved later on.

This commit attempts to fix the problem by replacing the strdup of
the link target with an strndup that copies at most the size of the
target header field.

Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>

1 files changed, 2 insertions, 1 deletions

diff --git a/lib/tar/read_header.c b/lib/tar/read_header.c
index 1f20334..e8e49c2 100644
--- a/lib/tar/read_header.c
+++ b/lib/tar/read_header.c
@@ -116,7 +116,8 @@ static int decode_header(const tar_header_t *hdr, unsigned int set_by_pax,
 	if (hdr->typeflag == TAR_TYPE_LINK ||
 	    hdr->typeflag == TAR_TYPE_SLINK) {
 		if (!(set_by_pax & PAX_SLINK_TARGET)) {
-			out->link_target = strdup(hdr->linkname);
+			out->link_target = strndup(hdr->linkname,
+						   sizeof(hdr->linkname));
 			if (out->link_target == NULL) {
 				perror("decoding symlink target");
 				return -1;