Check size of path buffer before writing into it
authorGreg Brockman <gdb@MIT.EDU>
Tue, 20 Jul 2010 04:46:21 +0000 (00:46 -0400)
committerJunio C Hamano <gitster@pobox.com>
Tue, 20 Jul 2010 16:17:39 +0000 (09:17 -0700)
This prevents a buffer overrun that could otherwise be triggered by
creating a file called '.git' with contents

  gitdir: (something really long)

Signed-off-by: Greg Brockman <gdb@mit.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
setup.c

diff --git a/setup.c b/setup.c
index 0e4cfe603f1afe515365c9daf1ad8406de8e7fa8..3bb046118cb612b16f35fa016032d1486c6e7190 100644 (file)
--- a/setup.c
+++ b/setup.c
@@ -170,6 +170,8 @@ static int is_git_directory(const char *suspect)
        char path[PATH_MAX];
        size_t len = strlen(suspect);
 
+       if (PATH_MAX <= len + strlen("/objects"))
+               die("Too long path: %.*s", 60, suspect);
        strcpy(path, suspect);
        if (getenv(DB_ENVIRONMENT)) {
                if (access(getenv(DB_ENVIRONMENT), X_OK))