This just makes sure that when we do a read_directory(), we check that the filename fits in the buffer we allocated (with a bit of slop) Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> --- dir.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/dir.c b/dir.c index 7426fde..4f5a224 100644 --- a/dir.c +++ b/dir.c @@ -353,6 +353,9 @@ static int read_directory_recursive(struct dir_struct *dir, const char *path, co !strcmp(de->d_name + 1, "git"))) continue; len = strlen(de->d_name); + /* Ignore overly long pathnames! */ + if (len + baselen + 8 > sizeof(fullname)) + continue; memcpy(fullname + baselen, de->d_name, len+1); if (simplify_away(fullname, baselen + len, simplify)) continue; -- 1.5.1.110.g1e4c - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html