
ssh-upload: prevent buffer overrun
authorAndy Whitcroft <apw@shadowen.org>
Mon, 8 Jan 2007 11:45:44 +0000 (11:45 +0000)
committerJunio C Hamano <junkio@cox.net>
Mon, 8 Jan 2007 22:45:54 +0000 (14:45 -0800)
Prevent a client from overrunning the on-stack ref buffer.

Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
ssh-upload.c

index 0b52ae15cbd216bff5002c89e0c8af84ea68ed1a..901e0366df25f23530e68237eabe59891a5b78d7 100644 (file)
@@ -67,7 +67,7 @@ static int serve_ref(int fd_in, int fd_out)
        int posn = 0;
        signed char remote = 0;
        do {
-               if (read(fd_in, ref + posn, 1) < 1)
+               if (posn >= PATH_MAX || read(fd_in, ref + posn, 1) < 1)
                        return -1;
                posn++;
        } while (ref[posn - 1]);
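Review bot: The new bound on the `+` line is written as `posn >= PATH_MAX`, which is only correct if `ref` is declared with exactly PATH_MAX bytes; that declaration is outside the hunk, so the check and the buffer size can drift apart silently. Tying the guard to the array itself keeps them in step: `if (posn >= (int)sizeof(ref) || read(fd_in, ref + posn, 1) < 1)`, assuming `ref` is a true array in this function and not a pointer. An over-long name and a failed read both return -1 with no diagnostic, so a comment such as `/* reject ref names that do not fit in ref[], NUL included */` would make the intent clear, and logging the rejection would help spot a misbehaving client. serve_ref's body starts and ends outside the hunk.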