git-verify-pack: more careful path handling

Use strlcpy() to copy the filename into a buffer and complain if it
doesn't fit.  Also move the path buffer into verify_one_pack(); it is
used only there.  Now we can const'ify the first argument of this
function.

Signed-off-by: Rene Scharfe <rene.scharfe@lsrfire.ath.cx>
Signed-off-by: Junio C Hamano <junkio@cox.net>

diff --git a/verify-pack.c b/verify-pack.c
index 7201596bf948094979464eddc1000a1cd5cb2ae6..77b3d282dad6cb02f2d986e2e2497a38b22f8b5f 100644 (file)
--- a/verify-pack.c
+++ b/verify-pack.c
@@ -1,11 +1,16 @@
 #include "cache.h"
 #include "pack.h"
 
-static int verify_one_pack(char *arg, int verbose)
+static int verify_one_pack(const char *path, int verbose)
 {
-       int len = strlen(arg);
+       char arg[PATH_MAX];
+       int len;
        struct packed_git *g;
-       
+
+       len = strlcpy(arg, path, PATH_MAX);
+       if (len >= PATH_MAX)
+               return error("name too long: %s", path);
+
        while (1) {
                /* Should name foo.idx, but foo.pack may be named;
                 * convert it to foo.idx
@@ -37,8 +42,6 @@ int main(int ac, char **av)
        int nothing_done = 1;
 
        while (1 < ac) {
-               char path[PATH_MAX];
-
                if (!no_more_options && av[1][0] == '-') {
                        if (!strcmp("-v", av[1]))
                                verbose = 1;
@@ -48,8 +51,7 @@ int main(int ac, char **av)
                                usage(verify_pack_usage);
                }
                else {
-                       strcpy(path, av[1]);
-                       if (verify_one_pack(path, verbose))
+                       if (verify_one_pack(av[1], verbose))
                                errs++;
                        nothing_done = 0;
                }