A buffer overflow bug exists in zoo which is triggered during archive creation. This issue is borderline a bug as it's really only a problem if someone is creating a zoo archive on a directory full of files controlled by a local attacker.

Here is how to reproduce this issue:

mkdir `perl -e 'print "A"x254'`
cd `perl -e 'print "A"x254'`
mkdir `perl -e 'print "A"x254'`
cd `perl -e 'print "A"x254'`
touch feh
cd ../..
zoo a arch.zoo `perl -e 'print "A"x254 . "/" . "A"x254 . "/feh"'`

To fix this issue, in parse.c, line 42, change the line:

strcpy (tempname, fname);

to

strncpy(tempname, fname, LFNAMESIZE);

Please note that there are probably countless other issues similar to this in zoo. I've not looked for any of them.
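Added example, not part of the original report or of zoo's source: a standalone C check of how a strncpy bounded by the full buffer size behaves on the 513-character path from the reproduction steps, next to a length-checked copy that rejects names that do not fit. The LFNAMESIZE value and the helper names (make_repro_path, copy_strncpy, copy_checked) are assumptions made for this demo.

```c
#include <stdio.h>
#include <string.h>

#define LFNAMESIZE 256  /* assumed for this demo; zoo's real value is not shown on the page */

/* Build the path from the reproduction steps: "A"x254 / "A"x254 / feh (513 chars).
 * out must hold at least 514 bytes. */
static void make_repro_path(char *out)
{
    memset(out, 'A', 254);
    out[254] = '/';
    memset(out + 255, 'A', 254);
    strcpy(out + 509, "/feh");
}

/* strncpy bounded by the full buffer size.
 * Returns 1 if dst ends up NUL-terminated inside the buffer, else 0. */
static int copy_strncpy(char dst[LFNAMESIZE], const char *src)
{
    strncpy(dst, src, LFNAMESIZE);
    return memchr(dst, '\0', LFNAMESIZE) != NULL;
}

/* Bounded copy that refuses over-long names instead of truncating silently.
 * Returns 0 on success, -1 if src does not fit (dst is then set to ""). */
static int copy_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0) return -1;
    if (n >= dstsz) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, n + 1);   /* n + 1 copies the terminating NUL as well */
    return 0;
}

int main(void)
{
    char path[520], tempname[LFNAMESIZE];
    make_repro_path(path);
    printf("source length: %zu\n", strlen(path));
    printf("strncpy terminated: %d\n", copy_strncpy(tempname, path));
    printf("checked copy result: %d\n", copy_checked(tempname, sizeof tempname, path));
    printf("checked copy of \"feh\": %d\n", copy_checked(tempname, sizeof tempname, "feh"));
    return 0;
}
```

The write stays inside the buffer in both cases, but the strncpy result has no terminating NUL when the source is LFNAMESIZE bytes or longer, so any later strlen or strcpy on tempname reads past the end of it.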
This is a dupe of #183109. I take it you prefer your fix to the one proposed there? (just making sure)

*** This bug has been marked as a duplicate of 183109 ***
These are two different issues.
I couldn't reproduce it with the current fe zoo. I'm pushing a new fe zoo (zoo-2.10-7) using the openSUSE package as base (seems a bit cleaner than ours) and your fix. Please check the result is ok with you.
I no longer see this behavior in the latest update from -devel (zoo-2.10-8.fc5).

If you've not done so, you may want to alert the other distributions and upstream about this issue (I'm not sure if there is still an upstream though).