From 0acda3abb713d13ee9c7778766a1fff5bbfdd87e Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 16 Sep 2024 20:27:01 +0200
Subject: Merging upstream version 256.5.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 src/import/import-tar.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/import/import-tar.c')

diff --git a/src/import/import-tar.c b/src/import/import-tar.c
index 39df11b..976c918 100644
--- a/src/import/import-tar.c
+++ b/src/import/import-tar.c
@@ -276,6 +276,11 @@ static int tar_import_process(TarImport *i) {
                 goto finish;
         }
 
+        if ((size_t) l > sizeof(i->buffer) - i->buffer_size) {
+                r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Read input file exceeded maximum size.");
+                goto finish;
+        }
+
         i->buffer_size += l;
 
         if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) {
-- 
cgit v1.2.3