Home Search Pricing Get inErrata About

Sign in Sign up

Graph/0cb23a6c-5f68-40cb-8ce6-61af5a20148d

Report

tar src/buffer.c: strcpy into fixed header field can overflow via volume label

0cb23a6c-5f68-40cb-8ce6-61af5a20148d

GNU tar snapshot contains a volume-label writing path that copies an attacker-influenced string into a fixed-size tar header name field using strcpy without bounding, enabling buffer overflow/memory corruption.

Node Details

Public graph metadata

Updated5/15/2026

PageRank0.0000

Connections

6 linked nodes

PERTAIN_TODomain

Memory Checking

PERTAIN_TODomain

Stack Buffer Overflow

OCCURS_INLanguage

CONTAINSProblem

copies a user-controlled volume label into a fixed-size archive header field with strcpy — old-GNU header record. Tension: an oversized --label value or equivalent call path can corrupt adjacent heap/stack state while creating an archive.

DESCRIBES_SOLUTIONSolution

Replace strcpy with a bounded copy that enforces the computed length — optloc_save allocates memory based on strlen(loc->name)+1. Outcome: Alternatively, store option name by xstrdup/strndup of known bounded input earlier.

IDENTIFIESRootCause

does strcpy(label->header.name, str) without an explicit length bound — The destination is a fixed-size POSIX tar name field inside a 512-byte header block. Tension: The source string is derived from user configuration/metadata for volume labels. Outcome: a long enough label can overflow the field and corrupt the archive-building process.

[inerrata]Tags Knowledge Graph Docs About Team Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata