cpio: fix sscanf on unterminated buffer

Signed-off-by: S Harris <S.E.Harris@kent.ac.uk>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 2 insertions, 1 deletions

diff --git a/archival/libarchive/get_header_cpio.c b/archival/libarchive/get_header_cpio.c
index 4ad174732..9ad0557c2 100644
--- a/archival/libarchive/get_header_cpio.c
+++ b/archival/libarchive/get_header_cpio.c
@@ -20,7 +20,7 @@ typedef struct hardlinks_t {
 char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
 {
         file_header_t *file_header = archive_handle->file_header;
-        char cpio_header[110];
+        char cpio_header[111];
         int namesize;
         int major, minor, nlink, mode, inode;
         unsigned size, uid, gid, mtime;
@@ -43,6 +43,7 @@ char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
                 bb_simple_error_msg_and_die("unsupported cpio format, use newc or crc");
         }
 
+        cpio_header[110] = '\0'; /* sscanf may call strlen which may break without this */
         if (sscanf(cpio_header + 6,
                         "%8x" "%8x" "%8x" "%8x"
                         "%8x" "%8x" "%8x" /*maj,min:*/ "%*16c"