ssh-upload: prevent buffer overrun
authorAndy Whitcroft <apw@shadowen.org>
Mon, 8 Jan 2007 11:45:44 +0000 (11:45 +0000)
committerJunio C Hamano <junkio@cox.net>
Mon, 8 Jan 2007 22:45:54 +0000 (14:45 -0800)
Prevent a client from overrunning the on stack ref buffer.

Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
ssh-upload.c

index 0b52ae15cbd216bff5002c89e0c8af84ea68ed1a..901e0366df25f23530e68237eabe59891a5b78d7 100644 (file)
@@ -67,7 +67,7 @@ static int serve_ref(int fd_in, int fd_out)
        int posn = 0;
        signed char remote = 0;
        do {
-               if (read(fd_in, ref + posn, 1) < 1)
+               if (posn >= PATH_MAX || read(fd_in, ref + posn, 1) < 1)
                        return -1;
                posn++;
        } while (ref[posn - 1]);