Prevent possible buffer overflow

Could happen if the path to git.exe is near to MAX_PATH and we append a longer subdir such as "share/git-core" to it. Signed-off-by: Sven Strickroth <email@cs-ware.de>

Prevent possible buffer overflow
Could happen if the path to git.exe is near to MAX_PATH and we append a longer subdir such as "share/git-core" to it. Signed-off-by: Sven Strickroth <email@cs-ware.de>
7707caaf · Sven Strickroth · Edward Thomson · d298059e · 7707caaf
Commit 7707caaf authored Jun 28, 2019 by Sven Strickroth Committed by Edward Thomson Jan 17, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 1 deletions

src/win32/findfile.c
+1 -1

No files found.
--- a/src/win32/findfile.c
+++ b/src/win32/findfile.c
@@ -93,7 +93,7 @@ static int win32_find_git_in_path(git_str *buf, const wchar_t *gitexe, const wch
 			continue;
 		wcscpy(&root.path[root.len], gitexe);

-		if (_waccess(root.path, F_OK) == 0 && root.len > 5) {
+		if (_waccess(root.path, F_OK) == 0 && root.len > 5 && (root.len - 4 + wcslen(subdir) < MAX_PATH)) {
 			/* replace "bin\\" or "cmd\\" with subdir */
 			wcscpy(&root.path[root.len - 4], subdir);