imap-send: avoid buffer overflow
authorJeff King <peff@peff.net>
Sat, 10 Dec 2011 10:40:45 +0000 (05:40 -0500)
committerJunio C Hamano <gitster@pobox.com>
Tue, 13 Dec 2011 00:09:38 +0000 (16:09 -0800)
We format the password prompt in an 80-character static
buffer. It contains the remote host and username, so it's
unlikely to overflow (or be exploitable by a remote
attacker), but there's no reason not to be careful and use
a strbuf.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
imap-send.c

index e1ad1a48ce3b8bd8517568a67477d8d0e32dfaa8..4c1e8971137d41960f3b8eced63d96f41dc603a1 100644 (file)
@@ -1209,9 +1209,10 @@ static struct store *imap_open_store(struct imap_server_conf *srvc)
                        goto bail;
                }
                if (!srvc->pass) {
-                       char prompt[80];
-                       sprintf(prompt, "Password (%s@%s): ", srvc->user, srvc->host);
-                       arg = git_getpass(prompt);
+                       struct strbuf prompt = STRBUF_INIT;
+                       strbuf_addf(&prompt, "Password (%s@%s): ", srvc->user, srvc->host);
+                       arg = git_getpass(prompt.buf);
+                       strbuf_release(&prompt);
                        if (!arg) {
                                perror("getpass");
                                exit(1);