From a1f9ccf08ddc99e4e3f1ead01abb6a8d8d506b3a Mon Sep 17 00:00:00 2001 From: Guillem Jover Date: Wed, 6 Mar 2019 03:52:10 +0100 Subject: libdpkg: Handle non end-of-tape errors from tar_header_decode() We need to assign a status value in the non end-of-tape branch, otherwise we are using an uninitialized value, which might be anything, and could end up making the code proceed even if the archive is damaged/broken, etc. --- lib/dpkg/tarfn.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/dpkg/tarfn.c b/lib/dpkg/tarfn.c index 757e0e323..7ccdae389 100644 --- a/lib/dpkg/tarfn.c +++ b/lib/dpkg/tarfn.c @@ -466,6 +466,8 @@ tar_extractor(struct tar_archive *tar) if (h.name[0] == '\0') { /* End Of Tape. */ status = 0; + } else { + status = -1; } tar_entry_destroy(&h); break; -- cgit v1.2.3