summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndy Whitcroft <apw@shadowen.org>2007-01-08 11:45:44 (GMT)
committerJunio C Hamano <junkio@cox.net>2007-01-08 22:45:54 (GMT)
commitd677db86d9fa98b063846ed461312eb04fe23ba5 (patch)
treeb4479be618158da4e9cf179fe7ff680e0d563ac0
parent4083c2fce86c777415a3bc0d5813bcb73f676f98 (diff)
downloadgit-d677db86d9fa98b063846ed461312eb04fe23ba5.zip
git-d677db86d9fa98b063846ed461312eb04fe23ba5.tar.gz
git-d677db86d9fa98b063846ed461312eb04fe23ba5.tar.bz2
ssh-upload: prevent buffer overrun
Prevent a client from overrunning the on stack ref buffer. Signed-off-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
-rw-r--r--ssh-upload.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/ssh-upload.c b/ssh-upload.c
index 0b52ae1..901e036 100644
--- a/ssh-upload.c
+++ b/ssh-upload.c
@@ -67,7 +67,7 @@ static int serve_ref(int fd_in, int fd_out)
int posn = 0;
signed char remote = 0;
do {
- if (read(fd_in, ref + posn, 1) < 1)
+ if (posn >= PATH_MAX || read(fd_in, ref + posn, 1) < 1)
return -1;
posn++;
} while (ref[posn - 1]);