git_mkstemp(): be careful not to overflow the path buffer.

If user's TMPDIR is insanely long, return negative after
setting errno to ENAMETOOLONG, pretending that the underlying
mkstemp() choked on a temporary file path that is too long.

Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/diff.c b/diff.c
index cd6b0c4e0bb5efad828fa29e92e8729418401080..a5fc56bdad5d96b2a4e0e1140206b8367a257867 100644 (file)
--- a/diff.c
+++ b/diff.c
@@ -1695,7 +1695,7 @@ static void prep_temp_blob(struct diff_tempfile *temp,
 
        fd = git_mkstemp(temp->tmp_path, PATH_MAX, ".diff_XXXXXX");
        if (fd < 0)
-               die("unable to create temp-file");
+               die("unable to create temp-file: %s", strerror(errno));
        if (write_in_full(fd, blob, size) != size)
                die("unable to write temp-file");
        close(fd);

diff --git a/path.c b/path.c
index c4ce96236ae043b4d997536174936abb6ac40207..dfff41f62668709e80cc54f816394303e8f6cefc 100644 (file)
--- a/path.c
+++ b/path.c
@@ -71,21 +71,17 @@ char *git_path(const char *fmt, ...)
 /* git_mkstemp() - create tmp file honoring TMPDIR variable */
 int git_mkstemp(char *path, size_t len, const char *template)
 {
-       char *env, *pch = path;
-
-       if ((env = getenv("TMPDIR")) == NULL) {
-               strcpy(pch, "/tmp/");
-               len -= 5;
-               pch += 5;
-       } else {
-               size_t n = snprintf(pch, len, "%s/", env);
-
-               len -= n;
-               pch += n;
+       const char *tmp;
+       size_t n;
+
+       tmp = getenv("TMPDIR");
+       if (!tmp)
+               tmp = "/tmp";
+       n = snprintf(path, len, "%s/%s", tmp, template);
+       if (len <= n) {
+               errno = ENAMETOOLONG;
+               return -1;
        }
-
-       strlcpy(pch, template, len);
-
        return mkstemp(path);
 }