blob: 62a8863ffbc16c7250539ea0af40afca1885dcb9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
|
diff -up cgit-0.8.2.1/git/setup.c.cve-2010-2542 cgit-0.8.2.1/git/setup.c
--- cgit-0.8.2.1/git/setup.c.cve-2010-2542 2009-01-25 19:48:26.000000000 -0500
+++ cgit-0.8.2.1/git/setup.c 2010-09-27 18:14:27.377427596 -0400
@@ -239,6 +239,8 @@ static int is_git_directory(const char *
char path[PATH_MAX];
size_t len = strlen(suspect);
+ if (PATH_MAX <= len + strlen("/objects"))
+ die("Too long path: %.*s", 60, suspect);
strcpy(path, suspect);
if (getenv(DB_ENVIRONMENT)) {
if (access(getenv(DB_ENVIRONMENT), X_OK))
|
