diff options
| author | Andy Whitcroft <apw@shadowen.org> | 2007-01-08 11:45:44 +0000 |
|---|---|---|
| committer | Junio C Hamano <junkio@cox.net> | 2007-01-08 14:45:54 -0800 |
| commit | d677db86d9fa98b063846ed461312eb04fe23ba5 (patch) | |
| tree | b4479be618158da4e9cf179fe7ff680e0d563ac0 /ssh-upload.c | |
| parent | 4083c2fce86c777415a3bc0d5813bcb73f676f98 (diff) | |
| download | git-d677db86d9fa98b063846ed461312eb04fe23ba5.tar.gz git-d677db86d9fa98b063846ed461312eb04fe23ba5.tar.xz | |
ssh-upload: prevent buffer overrun
Prevent a client from overrunning the on stack ref buffer.
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
Diffstat (limited to 'ssh-upload.c')
| -rw-r--r-- | ssh-upload.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ssh-upload.c b/ssh-upload.c index 0b52ae15c..901e0366d 100644 --- a/ssh-upload.c +++ b/ssh-upload.c @@ -67,7 +67,7 @@ static int serve_ref(int fd_in, int fd_out) int posn = 0; signed char remote = 0; do { - if (read(fd_in, ref + posn, 1) < 1) + if (posn >= PATH_MAX || read(fd_in, ref + posn, 1) < 1) return -1; posn++; } while (ref[posn - 1]); |