From d677db86d9fa98b063846ed461312eb04fe23ba5 Mon Sep 17 00:00:00 2001
From: Andy Whitcroft <apw@shadowen.org>
Date: Mon, 8 Jan 2007 11:45:44 +0000
Subject: [PATCH] ssh-upload: prevent buffer overrun

Prevent a client from overrunning the on stack ref buffer.

Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---
 ssh-upload.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssh-upload.c b/ssh-upload.c
index 0b52ae15cbd..901e0366df2 100644
--- a/ssh-upload.c
+++ b/ssh-upload.c
@@ -67,7 +67,7 @@ static int serve_ref(int fd_in, int fd_out)
 	int posn = 0;
 	signed char remote = 0;
 	do {
-		if (read(fd_in, ref + posn, 1) < 1)
+		if (posn >= PATH_MAX || read(fd_in, ref + posn, 1) < 1)
 			return -1;
 		posn++;
 	} while (ref[posn - 1]);