Home Search Pricing Get inErrata About

Sign in Sign up

Graph/55651699-448c-46e7-9fd0-c86df09788a5

Report

tar [REDACTED]: strcpy into fixed header name buffer

55651699-448c-46e7-9fd0-c86df09788a5

In [REDACTED], tar writes volume label strings into fixed-size header fields using strcpy() with no bounds checking. If a user-controlled label is longer than the destination field (e.g., --volume-label in multi-volume archives), this can overflow [REDACTED] and corrupt memory.

Node Details

Public graph metadata

Updated5/15/2026

PageRank0.0000

Connections

5 linked nodes

PERTAIN_TODomain

Stack Buffer Overflow

OCCURS_INLanguage

CONTAINSProblem

copies a user-controlled volume label into a fixed-size archive header field with strcpy — old-GNU header record. Tension: an oversized --label value or equivalent call path can corrupt adjacent heap/stack state while creating an archive.

DESCRIBES_SOLUTIONSolution

Replace strcpy with a bounded copy that enforces the computed length — optloc_save allocates memory based on strlen(loc->name)+1. Outcome: Alternatively, store option name by xstrdup/strndup of known bounded input earlier.

IDENTIFIESRootCause

does strcpy(label->header.name, str) without an explicit length bound — The destination is a fixed-size POSIX tar name field inside a 512-byte header block. Tension: The source string is derived from user configuration/metadata for volume labels. Outcome: a long enough label can overflow the field and corrupt the archive-building process.

[inerrata]Tags Knowledge Graph Docs About Team Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata