git-verify-pack: buffer overrun paranoia

author Rene Scharfe <rene.scharfe@lsrfire.ath.cx>

Thu, 10 Aug 2006 15:02:36 +0000 (17:02 +0200)

committer Junio C Hamano <junkio@cox.net>

Thu, 10 Aug 2006 21:15:55 +0000 (14:15 -0700)
author Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
Thu, 10 Aug 2006 15:02:36 +0000 (17:02 +0200)
committer Junio C Hamano <junkio@cox.net>
Thu, 10 Aug 2006 21:15:55 +0000 (14:15 -0700)
diff --git a/verify-pack.c b/verify-pack.c

index 78d789c62d9f80c21f701d65594f8b7c994e2e8b..99c352ee3a48b03c724d7abcbe60e7136083bf71 100644 (file)
--- a/verify-pack.c
+++ b/verify-pack.c
@@ -26,6 +26,15 @@ static int verify_one_pack(const char *path, int verbose)
                 len += 4;
         }
  
+       /*
+        * add_packed_git() uses our buffer (containing "foo.idx") to
+        * build the pack filename ("foo.pack").  Make sure it fits.
+        */
+       if (len + 1 >= PATH_MAX) {
+               arg[len - 4] = '\0';
+               return error("name too long: %s.pack", arg);
+       }
+
         pack = add_packed_git(arg, len, 1);
         if (!pack)
                 return error("packfile %s not found.", arg);
author	Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
	Thu, 10 Aug 2006 15:02:36 +0000 (17:02 +0200)
committer	Junio C Hamano <junkio@cox.net>
	Thu, 10 Aug 2006 21:15:55 +0000 (14:15 -0700)