execv_git_cmd: Fix stack buffer overflow.

Signed-off-by: N Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: N Junio C Hamano <junkio@cox.net>

execv_git_cmd: Fix stack buffer overflow.
Signed-off-by: N Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: N Junio C Hamano <junkio@cox.net>
d6859901 · Dmitry V. Levin · Junio C Hamano · 347f1d26 · d6859901
隐藏空白更改
内联并排

Showing with 23 addition and 9 deletion

exec_cmd.c exec_cmd.c +23 -9

未找到文件。
--- a/exec_cmd.c
+++ b/exec_cmd.c
@@ -32,12 +32,14 @@ const char *git_exec_path(void)
 int execv_git_cmd(const char **argv)
 {
 	char git_command[PATH_MAX + 1];
-	int len,  i;
+	int i;
 	const char *paths[] = { current_exec_path,
 				getenv("GIT_EXEC_PATH"),
 				builtin_exec_path };

 	for (i = 0; i < ARRAY_SIZE(paths); ++i) {
+		size_t len;
+		int rc;
 		const char *exec_dir = paths[i];
 		const char *tmp;

@@ -46,8 +48,9 @@ int execv_git_cmd(const char **argv)
 		if (*exec_dir != '/') {
 			if (!getcwd(git_command, sizeof(git_command))) {
 				fprintf(stderr, "git: cannot determine "
-					"current directory\n");
-				exit(1);
+					"current directory: %s\n",
+					strerror(errno));
+				break;
 			}
 			len = strlen(git_command);

@@ -57,17 +60,28 @@ int execv_git_cmd(const char **argv)
 				while (*exec_dir == '/')
 					exec_dir++;
 			}
-			snprintf(git_command + len, sizeof(git_command) - len,
-				 "/%s", exec_dir);
+
+			rc = snprintf(git_command + len,
+				      sizeof(git_command) - len, "/%s",
+				      exec_dir);
+			if (rc < 0 || rc >= sizeof(git_command) - len) {
+				fprintf(stderr, "git: command name given "
+					"is too long.\n");
+				break;
+			}
 		} else {
+			if (strlen(exec_dir) + 1 > sizeof(git_command)) {
+				fprintf(stderr, "git: command name given "
+					"is too long.\n");
+				break;
+			}
 			strcpy(git_command, exec_dir);
 		}

 		len = strlen(git_command);
-		len += snprintf(git_command + len, sizeof(git_command) - len,
-				"/git-%s", argv[0]);
-
-		if (sizeof(git_command) <= len) {
+		rc = snprintf(git_command + len, sizeof(git_command) - len,
+			      "/git-%s", argv[0]);
+		if (rc < 0 || rc >= sizeof(git_command) - len) {
 			fprintf(stderr,
 				"git: command name given is too long.\n");
 			break;