Andrew's git
/
gitweb.git
/ diff
summary
|
log
|
commit
| diff |
tree
commit
grep
author
committer
pickaxe
?
re
Fix buffer overflow in prepare_attr_stack
author
Dmitry Potapov
<dpotapov@gmail.com>
Wed, 16 Jul 2008 15:39:55 +0000
(19:39 +0400)
committer
Junio C Hamano
<gitster@pobox.com>
Wed, 16 Jul 2008 21:05:50 +0000
(14:05 -0700)
If PATH_MAX on your system is smaller than a path stored in the git repo,
it may cause the buffer overflow in prepare_attr_stack.
Signed-off-by: Dmitry Potapov <dpotapov@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
attr.c
patch
|
blob
|
history
raw
|
patch
|
inline
| side by side (parent:
fd55a19
)
diff --git
a/attr.c
b/attr.c
index 0fb47d34346ca96addde5cb3722fa5e586057285..17f6a4dca521d9690377f2e93a0192d8a874d2ad 100644
(file)
--- a/
attr.c
+++ b/
attr.c
@@
-459,7
+459,9
@@
static void prepare_attr_stack(const char *path, int dirlen)
{
struct attr_stack *elem, *info;
int len;
{
struct attr_stack *elem, *info;
int len;
- char pathbuf[PATH_MAX];
+ struct strbuf pathbuf;
+
+ strbuf_init(&pathbuf, dirlen+2+strlen(GITATTRIBUTES_FILE));
/*
* At the bottom of the attribute stack is the built-in
/*
* At the bottom of the attribute stack is the built-in
@@
-510,13
+512,14
@@
static void prepare_attr_stack(const char *path, int dirlen)
len = strlen(attr_stack->origin);
if (dirlen <= len)
break;
len = strlen(attr_stack->origin);
if (dirlen <= len)
break;
- memcpy(pathbuf, path, dirlen);
- memcpy(pathbuf + dirlen, "/", 2);
- cp = strchr(pathbuf + len + 1, '/');
+ strbuf_reset(&pathbuf);
+ strbuf_add(&pathbuf, path, dirlen);
+ strbuf_addch(&pathbuf, '/');
+ cp = strchr(pathbuf.buf + len + 1, '/');
strcpy(cp + 1, GITATTRIBUTES_FILE);
strcpy(cp + 1, GITATTRIBUTES_FILE);
- elem = read_attr(pathbuf, 0);
+ elem = read_attr(pathbuf
.buf
, 0);
*cp = '\0';
*cp = '\0';
- elem->origin = strdup(pathbuf);
+ elem->origin = strdup(pathbuf
.buf
);
elem->prev = attr_stack;
attr_stack = elem;
debug_push(elem);
elem->prev = attr_stack;
attr_stack = elem;
debug_push(elem);