From: Alex Riesen <raa.lkml@gmail.com>
Date: Mon, 27 Oct 2008 10:11:40 +0000 (+0100)
Subject: Fix potentially dangerous use of git_path in ref.c
X-Git-Tag: v1.6.0.4~4^2~2
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=958a4789e0e74da245175e31bd3b9b354ee0e063;p=git.git

Fix potentially dangerous use of git_path in ref.c

Signed-off-by: Junio C Hamano <gitster@pobox.com>
---

diff --git a/refs.c b/refs.c
index 39a3b2380..71443cdf8 100644
--- a/refs.c
+++ b/refs.c
@@ -401,7 +401,7 @@ const char *resolve_ref(const char *ref, unsigned char *sha1, int reading, int *
 		*flag = 0;
 
 	for (;;) {
-		const char *path = git_path("%s", ref);
+		char path[PATH_MAX];
 		struct stat st;
 		char *buf;
 		int fd;
@@ -409,6 +409,7 @@ const char *resolve_ref(const char *ref, unsigned char *sha1, int reading, int *
 		if (--depth < 0)
 			return NULL;
 
+		git_snpath(path, sizeof(path), "%s", ref);
 		/* Special case: non-existing file.
 		 * Not having the refs/heads/new-branch is OK
 		 * if we are writing into it, so is .git/HEAD
@@ -1121,13 +1122,14 @@ static int log_ref_write(const char *ref_name, const unsigned char *old_sha1,
 	int logfd, written, oflags = O_APPEND | O_WRONLY;
 	unsigned maxlen, len;
 	int msglen;
-	char *log_file, *logrec;
+	char log_file[PATH_MAX];
+	char *logrec;
 	const char *committer;
 
 	if (log_all_ref_updates < 0)
 		log_all_ref_updates = !is_bare_repository();
 
-	log_file = git_path("logs/%s", ref_name);
+	git_snpath(log_file, sizeof(log_file), "logs/%s", ref_name);
 
 	if (log_all_ref_updates &&
 	    (!prefixcmp(ref_name, "refs/heads/") ||