Thomas Jarosch, 09.04.2009:
> Hello together,
>
> attached is a small patch to fix a buffer overflow in config.c.
> Patch is against git master's HEAD.
>
> I didn't send this one inline as I wanted to
> preserve the 1024+ byte long line.

You could send the patch inline and attach the example config.

> diff --git a/config.c b/config.c
> index b76fe4c..a9c67e8 100644
> --- a/config.c
> +++ b/config.c
> @@ -72,7 +72,7 @@ static char *parse_value(void)
> }
> }
> if (space) {
> - if (len)
> + if (len && len < sizeof(value)-1)
> value[len++] = ' ';
> space = 0;
> }

At the beginning of the for loop, there is already an overflow guard.

    if (len >= sizeof(value))
        return NULL;

It would probably be better to fix it at this place.

    if (len >= sizeof(value)-1)
        return NULL;

Markus
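Review bot: In the `if (space)` branch, the new condition `len && len < sizeof(value)-1` silently skips the pending space when the buffer is nearly full, so an over-long value comes back with two words joined instead of being rejected. The loop-top guard quoted in the reply already rejects over-long input with `return NULL`, and the two paths should behave the same way: either return NULL here when there is no room for the space, or tighten the loop-top check as the reply suggests so this branch never runs with `len` at `sizeof(value)-1`. A one-line comment at whichever check is kept, saying which byte the `-1` reserves, would also help, since the hunk does not show where the terminating NUL is written.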