From: Andy Whitcroft <apw@shadowen.org>
Date: Mon, 8 Jan 2007 11:45:44 +0000 (+0000)
Subject: ssh-upload: prevent buffer overrun
X-Git-Tag: v1.5.0-rc1~52
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=d677db86d9fa98b063846ed461312eb04fe23ba5;p=git.git

ssh-upload: prevent buffer overrun

Prevent a client from overrunning the on stack ref buffer.

Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---

diff --git a/ssh-upload.c b/ssh-upload.c
index 0b52ae15c..901e0366d 100644
--- a/ssh-upload.c
+++ b/ssh-upload.c
@@ -67,7 +67,7 @@ static int serve_ref(int fd_in, int fd_out)
 	int posn = 0;
 	signed char remote = 0;
 	do {
-		if (read(fd_in, ref + posn, 1) < 1)
+		if (posn >= PATH_MAX || read(fd_in, ref + posn, 1) < 1)
 			return -1;
 		posn++;
 	} while (ref[posn - 1]);