From d6859901012535b3781e5332923ede51d5977395 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Tue, 30 May 2006 18:58:52 +0400 Subject: [PATCH] execv_git_cmd: Fix stack buffer overflow. Signed-off-by: Dmitry V. Levin Signed-off-by: Junio C Hamano --- exec_cmd.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/exec_cmd.c b/exec_cmd.c index 44bb2f23de926d..12eb36494ca467 100644 --- a/exec_cmd.c +++ b/exec_cmd.c @@ -32,12 +32,14 @@ const char *git_exec_path(void) int execv_git_cmd(const char **argv) { char git_command[PATH_MAX + 1]; - int len, i; + int i; const char *paths[] = { current_exec_path, getenv("GIT_EXEC_PATH"), builtin_exec_path }; for (i = 0; i < ARRAY_SIZE(paths); ++i) { + size_t len; + int rc; const char *exec_dir = paths[i]; const char *tmp; @@ -46,8 +48,9 @@ int execv_git_cmd(const char **argv) if (*exec_dir != '/') { if (!getcwd(git_command, sizeof(git_command))) { fprintf(stderr, "git: cannot determine " - "current directory\n"); - exit(1); + "current directory: %s\n", + strerror(errno)); + break; } len = strlen(git_command); @@ -57,17 +60,28 @@ int execv_git_cmd(const char **argv) while (*exec_dir == '/') exec_dir++; } - snprintf(git_command + len, sizeof(git_command) - len, - "/%s", exec_dir); + + rc = snprintf(git_command + len, + sizeof(git_command) - len, "/%s", + exec_dir); + if (rc < 0 || rc >= sizeof(git_command) - len) { + fprintf(stderr, "git: command name given " + "is too long.\n"); + break; + } } else { + if (strlen(exec_dir) + 1 > sizeof(git_command)) { + fprintf(stderr, "git: command name given " + "is too long.\n"); + break; + } strcpy(git_command, exec_dir); } len = strlen(git_command); - len += snprintf(git_command + len, sizeof(git_command) - len, - "/git-%s", argv[0]); - - if (sizeof(git_command) <= len) { + rc = snprintf(git_command + len, sizeof(git_command) - len, + "/git-%s", argv[0]); + if (rc < 0 || rc >= sizeof(git_command) - len) { fprintf(stderr, "git: command name given is too long.\n"); break;