diff options
author | Dmitry Potapov <dpotapov@gmail.com> | 2008-07-16 19:39:55 +0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2008-07-16 14:05:50 -0700 |
commit | f66cf96d7c613a8129436a5d76ef7b74ee302436 (patch) | |
tree | 7581728bf4078e6f8cd00a2ace6430f7a5748dbb /attr.c | |
parent | fd55a19eb1d49ae54008d932a65f79cd6fda45c9 (diff) | |
download | git-f66cf96d7c613a8129436a5d76ef7b74ee302436.tar.gz git-f66cf96d7c613a8129436a5d76ef7b74ee302436.tar.xz |
Fix buffer overflow in prepare_attr_stack
If PATH_MAX on your system is smaller than a path stored in the git repo,
it may cause the buffer overflow in prepare_attr_stack.
Signed-off-by: Dmitry Potapov <dpotapov@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'attr.c')
-rw-r--r-- | attr.c | 15 |
1 files changed, 9 insertions, 6 deletions
@@ -459,7 +459,9 @@ static void prepare_attr_stack(const char *path, int dirlen) { struct attr_stack *elem, *info; int len; - char pathbuf[PATH_MAX]; + struct strbuf pathbuf; + + strbuf_init(&pathbuf, dirlen+2+strlen(GITATTRIBUTES_FILE)); /* * At the bottom of the attribute stack is the built-in @@ -510,13 +512,14 @@ static void prepare_attr_stack(const char *path, int dirlen) len = strlen(attr_stack->origin); if (dirlen <= len) break; - memcpy(pathbuf, path, dirlen); - memcpy(pathbuf + dirlen, "/", 2); - cp = strchr(pathbuf + len + 1, '/'); + strbuf_reset(&pathbuf); + strbuf_add(&pathbuf, path, dirlen); + strbuf_addch(&pathbuf, '/'); + cp = strchr(pathbuf.buf + len + 1, '/'); strcpy(cp + 1, GITATTRIBUTES_FILE); - elem = read_attr(pathbuf, 0); + elem = read_attr(pathbuf.buf, 0); *cp = '\0'; - elem->origin = strdup(pathbuf); + elem->origin = strdup(pathbuf.buf); elem->prev = attr_stack; attr_stack = elem; debug_push(elem); |