is_git_directory() uses strcpy with pointer arithmitic, protect it from
overflowing. Even though we currently protect higher up when we have the
environment variable path passed in, we should protect the calls here.
Signed-off-by: Steven Michalske <smichalske@xxxxxxxxx>
---
setup.c | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/setup.c b/setup.c
index 7e04602..0080299 100644
--- a/setup.c
+++ b/setup.c
@@ -170,22 +170,24 @@ static int is_git_directory(const char *suspect)
char path[PATH_MAX];
size_t len = strlen(suspect);
- strcpy(path, suspect);
+ path[sizeof(path) - 1] = '\0';
+
+ strncpy(path, suspect, sizeof(path) - 1);
if (getenv(DB_ENVIRONMENT)) {
if (access(getenv(DB_ENVIRONMENT), X_OK))
return 0;
}
else {
- strcpy(path + len, "/objects");
+ strncpy(path + len, "/objects", sizeof(path) - len - 1);
if (access(path, X_OK))
return 0;
}
- strcpy(path + len, "/refs");
+ strncpy(path + len, "/refs", sizeof(path) - len - 1);
if (access(path, X_OK))
return 0;
- strcpy(path + len, "/HEAD");
+ strncpy(path + len, "/HEAD", sizeof(path) - len - 1);
if (validate_headref(path))
return 0;
--
1.7.0.3
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html