git-verify-pack: buffer overrun paranoia

Signed-off-by: Rene Scharfe <rene.scharfe@lsrfire.ath.cx> Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-08-10 17:02:36 +02:00 · 2006-08-10 17:02:36 +02:00 · f711ab5470
commit f711ab5470
parent d0d619c8c5
1 changed files with 9 additions and 0 deletions
--- a/verify-pack.c
+++ b/verify-pack.c
@ -26,6 +26,15 @@ static int verify_one_pack(const char *path, int verbose)
 		len += 4;
 	}

+	/*
+	 * add_packed_git() uses our buffer (containing "foo.idx") to
+	 * build the pack filename ("foo.pack").  Make sure it fits.
+	 */
+	if (len + 1 >= PATH_MAX) {
+		arg[len - 4] = '\0';
+		return error("name too long: %s.pack", arg);
+	}
+
 	pack = add_packed_git(arg, len, 1);
 	if (!pack)
 		return error("packfile %s not found.", arg);