$NetBSD: patch-ak,v 1.1 2004/05/13 11:42:43 taca Exp $

--- src/header.c.orig	2000-10-06 02:36:03.000000000 +0900
+++ src/header.c
@@ -538,6 +538,10 @@ get_header(fp, hdr)
 				/*
 				 * filename
 				 */
+				if (header_size >= 256) {
+				  fprintf(stderr, "Possible buffer overflow hack attack, type #1\n");
+				  exit(109);
+				}
 				for (i = 0; i < header_size - 3; i++)
 					hdr->name[i] = (char) get_byte();
 				hdr->name[header_size - 3] = '\0';
@@ -547,6 +551,10 @@ get_header(fp, hdr)
 				/*
 				 * directory
 				 */
+				if (header_size >= FILENAME_LENGTH) {
+				  fprintf(stderr, "Possible buffer overflow hack attack, type #2\n");
+				  exit(110);
+				}
 				for (i = 0; i < header_size - 3; i++)
 					dirname[i] = (char) get_byte();
 				dirname[header_size - 3] = '\0';