diff options
| author | Gary Capell <gary@commsecure.com.au> | 2007-01-16 11:29:48 +1100 |
|---|---|---|
| committer | Yann Dirson <ydirson@altern.org> | 2008-03-31 16:09:13 +0200 |
| commit | cb552aff68b69c5cd8bd12206c6593bf21cecbf9 (patch) | |
| tree | 08073cbb349635dd104056f8d09c11dbffd53f6c | |
| parent | b51b03196c338d94a38310786974db7ccd8dadec (diff) | |
| download | cvsps-cb552aff68b69c5cd8bd12206c6593bf21cecbf9.tar.gz | |
Fix buffer overflow in cvsps if a log message line is longer than BUFSIZ
| -rw-r--r-- | cvs_direct.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/cvs_direct.c b/cvs_direct.c index a5ad67f..caf1dce 100644 --- a/cvs_direct.c +++ b/cvs_direct.c @@ -664,6 +664,7 @@ static int refill_buffer(CvsServerCtx * ctx) static int read_line(CvsServerCtx * ctx, char * p) { int len = 0; + char *pSentinel = p + BUFSIZ -2; while (1) { if (ctx->head == ctx->tail) @@ -672,7 +673,7 @@ static int read_line(CvsServerCtx * ctx, char * p) *p = *ctx->head++; - if (*p == '\n') + if (*p == '\n' || p == pSentinel) { *p = 0; break; |