| commit | d677db86d9fa98b063846ed461312eb04fe23ba5 | [log] [tgz] |
|---|---|---|
| author | Andy Whitcroft <apw@shadowen.org> | Mon Jan 08 11:45:44 2007 +0000 |
| committer | Junio C Hamano <junkio@cox.net> | Mon Jan 08 14:45:54 2007 -0800 |
| tree | b4479be618158da4e9cf179fe7ff680e0d563ac0 | |
| parent | 4083c2fce86c777415a3bc0d5813bcb73f676f98 [diff] |
ssh-upload: prevent buffer overrun Prevent a client from overrunning the on stack ref buffer. Signed-off-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
diff --git a/ssh-upload.c b/ssh-upload.c index 0b52ae1..901e036 100644 --- a/ssh-upload.c +++ b/ssh-upload.c
@@ -67,7 +67,7 @@ int posn = 0; signed char remote = 0; do { - if (read(fd_in, ref + posn, 1) < 1) + if (posn >= PATH_MAX || read(fd_in, ref + posn, 1) < 1) return -1; posn++; } while (ref[posn - 1]);