Fix possible buffer overflow (thanks to Mikkel Kamstrup for pointing that out!)
diff --git a/src/ideviceinstaller.c b/src/ideviceinstaller.c
index 81ce145..e1f995b 100644
--- a/src/ideviceinstaller.c
+++ b/src/ideviceinstaller.c
@@ -913,8 +913,7 @@
zbuf = NULL;
len = 0;
plist_t info = NULL;
- char filename[256];
- filename[0] = '\0';
+ char* filename = NULL;
char* app_directory_name = NULL;
if (zip_get_app_directory(zf, &app_directory_name)) {
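Review bot: With `filename` now a heap pointer, the hunk does not establish where it is released on every exit path; because it is initialised to NULL, adding an unconditional `free(filename);` immediately before the function's `leave_cleanup` exit (outside this hunk) would cover all paths, including any early-return paths the commit does not touch, without needing a separate `free` at each `goto`. If both are kept, each early `free(filename);` should be followed by `filename = NULL;` so the cleanup-label free cannot double-free. The enclosing function begins before and ends after this hunk, so the cleanup label itself is not visible here.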
@@ -923,6 +922,7 @@
}
/* construct full filename to Info.plist */
+ filename = (char*)malloc(strlen(app_directory_name)+10+1);
strcpy(filename, app_directory_name);
free(app_directory_name);
app_directory_name = NULL;
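Review bot: The `malloc` result on the added line is passed straight to `strcpy` without a NULL check, so an allocation failure becomes a NULL write rather than a handled error; `app_directory_name` would also leak on that path unless it is freed before leaving. The `+10+1` is a magic size that presumably covers the `Info.plist` suffix appended just below this hunk — spelling it as `strlen("Info.plist") + 1` ties the buffer to the string, and it is worth confirming that the suffix carries no leading `/`, since that would make the buffer one byte short. The teardown below mirrors the existing error path visible in the next hunk (`zip_unchange_all`/`zip_close`/`goto leave_cleanup`); the enclosing function starts and ends outside this hunk, so adjust to whatever cleanup applies at this point.

```c
/* construct full filename to Info.plist */
filename = malloc(strlen(app_directory_name) + strlen("Info.plist") + 1);
if (!filename) {
	fprintf(stderr, "ERROR: out of memory allocating Info.plist path\n");
	free(app_directory_name);
	app_directory_name = NULL;
	zip_unchange_all(zf);
	zip_close(zf);
	goto leave_cleanup;
}
strcpy(filename, app_directory_name);
/* … unchanged: free(app_directory_name) and suffix append … */
```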
@@ -930,10 +930,12 @@
if (zip_get_contents(zf, filename, 0, &zbuf, &len) < 0) {
fprintf(stderr, "WARNING: could not locate %s in archive!\n", filename);
+ free(filename);
zip_unchange_all(zf);
zip_close(zf);
goto leave_cleanup;
}
+ free(filename);
if (memcmp(zbuf, "bplist00", 8) == 0) {
plist_from_bin(zbuf, len, &info);
} else {