diff options
| author | Antoine Pelisse <apelisse@gmail.com> | 2013-12-14 15:31:16 +0400 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2013-12-17 02:06:19 +0400 |
| commit | fc2b6214542a46f97d7067b2f7df530ed37737a7 (patch) | |
| tree | 9cccda70e6bd31c1a33880ca18e239c2eb8f89bf /abspath.c | |
| parent | d7aced95cd681b761468635f8d2a8b82d7ed26fd (diff) | |
Prevent buffer overflows when path is too long
Some buffers created with PATH_MAX length are not checked when being
written, and can overflow if PATH_MAX is not big enough to hold the
path.
Replace those buffers by strbufs so that their size is automatically
grown if necessary. They are created as static local variables to avoid
reallocating memory on each call. Note that prefix_filename() returns
this static buffer so each callers should copy or use the string
immediately (this is currently true).
Reported-by: Wataru Noguchi <wnoguchi.0727@gmail.com>
Signed-off-by: Antoine Pelisse <apelisse@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'abspath.c')
| -rw-r--r-- | abspath.c | 16 |
1 files changed, 9 insertions, 7 deletions
@@ -215,23 +215,25 @@ const char *absolute_path(const char *path) */ const char *prefix_filename(const char *pfx, int pfx_len, const char *arg) { - static char path[PATH_MAX]; + static struct strbuf path = STRBUF_INIT; #ifndef GIT_WINDOWS_NATIVE if (!pfx_len || is_absolute_path(arg)) return arg; - memcpy(path, pfx, pfx_len); - strcpy(path + pfx_len, arg); + strbuf_reset(&path); + strbuf_add(&path, pfx, pfx_len); + strbuf_addstr(&path, arg); #else char *p; /* don't add prefix to absolute paths, but still replace '\' by '/' */ + strbuf_reset(&path); if (is_absolute_path(arg)) pfx_len = 0; else if (pfx_len) - memcpy(path, pfx, pfx_len); - strcpy(path + pfx_len, arg); - for (p = path + pfx_len; *p; p++) + strbuf_add(&path, pfx, pfx_len); + strbuf_addstr(&path, arg); + for (p = path.buf + pfx_len; *p; p++) if (*p == '\\') *p = '/'; #endif - return path; + return path.buf; } |