Merge branch 'mh/maint-lockfile-overflow' into maint

* mh/maint-lockfile-overflow: lockfile: fix buffer overflow in path handling

Merge branch 'mh/maint-lockfile-overflow' into maint
* mh/maint-lockfile-overflow: lockfile: fix buffer overflow in path handling
dbed5935 · Junio C Hamano · 82ec54dc · 2fbd4f92 · dbed5935
显示空白变更内容
内联并排

Showing with 6 addition and 4 deletion

lockfile.c lockfile.c +6 -4

未找到文件。
--- a/lockfile.c
+++ b/lockfile.c
@@ -124,15 +124,17 @@ static char *resolve_symlink(char *p, size_t s)

 static int lock_file(struct lock_file *lk, const char *path, int flags)
 {
-	if (strlen(path) >= sizeof(lk->filename))
-		return -1;
-	strcpy(lk->filename, path);
 	/*
 	 * subtract 5 from size to make sure there's room for adding
 	 * ".lock" for the lock file name
 	 */
+	static const size_t max_path_len = sizeof(lk->filename) - 5;
+
+	if (strlen(path) >= max_path_len)
+		return -1;
+	strcpy(lk->filename, path);
 	if (!(flags & LOCK_NODEREF))
-		resolve_symlink(lk->filename, sizeof(lk->filename)-5);
+		resolve_symlink(lk->filename, max_path_len);
 	strcat(lk->filename, ".lock");
 	lk->fd = open(lk->filename, O_RDWR | O_CREAT | O_EXCL, 0666);
 	if (0 <= lk->fd) {