diff options
author | Jeff King <peff@peff.net> | 2011-12-08 05:25:54 -0500 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2011-12-13 21:09:06 -0800 |
commit | c3ea051544cb1d98a5ae7f64d077084a9a5db5c1 (patch) | |
tree | 949d8dc8bed5d4647af0f41ac37b462f4c1163e5 | |
parent | c2857fb8b7903b2bba9217310971e5282549174d (diff) | |
download | git-c3ea051544cb1d98a5ae7f64d077084a9a5db5c1.tar.gz |
blame: don't overflow time buffer
When showing the raw timestamp, we format the numeric
seconds-since-epoch into a buffer, followed by the timezone
string. This string has come straight from the commit
object. A well-formed object should have a timezone string
of only a few bytes, but we could be operating on data
pushed by a malicious user.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | builtin/blame.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/builtin/blame.c b/builtin/blame.c index 26a5d424b8..3e1f7e1e45 100644 --- a/builtin/blame.c +++ b/builtin/blame.c @@ -1598,7 +1598,7 @@ static const char *format_time(unsigned long time, const char *tz_str, int tz; if (show_raw_time) { - sprintf(time_buf, "%lu %s", time, tz_str); + snprintf(time_buf, sizeof(time_buf), "%lu %s", time, tz_str); } else { tz = atoi(tz_str); |