Userland: Fix buffer overflow in unzip

It's not a great idea reading file names into a 4 byte sized buffer.
2026-01-06 16:45:03 +00:00 · 2020-10-01 00:03:22 +02:00
parent bd5abbc454
commit 422cb50e4e
1 changed files with 2 additions and 3 deletions
--- a/Userland/unzip.cpp
+++ b/Userland/unzip.cpp
@@ -115,10 +115,9 @@ static bool unpack_file_for_central_directory_index(off_t central_directory_inde
        return false;
    off_t extra_field_length = buffer[1] << 8 | buffer[0];

-    if (!seek_and_read(buffer, file, local_file_header_index + LFHFileNameBaseOffset, file_name_length))
-        return false;
    char file_name[file_name_length + 1];
-    memcpy(file_name, buffer, file_name_length);
+    if (!seek_and_read((u8*)file_name, file, local_file_header_index + LFHFileNameBaseOffset, file_name_length))
+        return false;
    file_name[file_name_length] = '\0';

    if (file_name[file_name_length - 1] == '/') {