ssh-upload: prevent buffer overrun

Prevent a client from overrunning the on stack ref buffer. Signed-off-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
2025-03-19 23:48:46 +00:00 · 2007-01-08 11:45:44 +00:00 · 2007-01-08 11:45:44 +00:00 · d677db86d9
commit d677db86d9
parent 4083c2fce8
1 changed files with 1 additions and 1 deletions
--- a/ssh-upload.c
+++ b/ssh-upload.c
@ -67,7 +67,7 @@ static int serve_ref(int fd_in, int fd_out)
 	int posn = 0;
 	signed char remote = 0;
 	do {
-		if (read(fd_in, ref + posn, 1) < 1)
+		if (posn >= PATH_MAX || read(fd_in, ref + posn, 1) < 1)
 			return -1;
 		posn++;
 	} while (ref[posn - 1]);