diff options
| author | Sven Strickroth <email@cs-ware.de> | 2019-06-28 16:42:21 +0200 |
|---|---|---|
| committer | Edward Thomson <ethomson@edwardthomson.com> | 2022-01-17 22:02:12 -0500 |
| commit | 7707caaf474eccc1112f62b9d86a6dd240917b58 (patch) | |
| tree | 95df4b067b8744f73e98af14cfdb72069c2e54b7 | |
| parent | d298059e963c3a917120a6c7c78846afe544fce0 (diff) | |
| download | libgit2-7707caaf474eccc1112f62b9d86a6dd240917b58.tar.gz | |
Prevent possible buffer overflow
Could happen if the path to git.exe is near to MAX_PATH and we append a longer subdir such as "share/git-core" to it.
Signed-off-by: Sven Strickroth <email@cs-ware.de>
| -rw-r--r-- | src/win32/findfile.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/win32/findfile.c b/src/win32/findfile.c index d4afc4acc..e31ff972e 100644 --- a/src/win32/findfile.c +++ b/src/win32/findfile.c @@ -93,7 +93,7 @@ static int win32_find_git_in_path(git_str *buf, const wchar_t *gitexe, const wch continue; wcscpy(&root.path[root.len], gitexe); - if (_waccess(root.path, F_OK) == 0 && root.len > 5) { + if (_waccess(root.path, F_OK) == 0 && root.len > 5 && (root.len - 4 + wcslen(subdir) < MAX_PATH)) { /* replace "bin\\" or "cmd\\" with subdir */ wcscpy(&root.path[root.len - 4], subdir); |