Prevent possible buffer overflow

Could happen if the path to git.exe is near to MAX_PATH and we append a longer subdir such as "share/git-core" to it.

Signed-off-by: Sven Strickroth <email@cs-ware.de>
diff --git a/src/win32/findfile.c b/src/win32/findfile.c
index d4afc4a..e31ff97 100644
--- a/src/win32/findfile.c
+++ b/src/win32/findfile.c
@@ -93,7 +93,7 @@ static int win32_find_git_in_path(git_str *buf, const wchar_t *gitexe, const wch
continue;
wcscpy(&root.path[root.len], gitexe);
- if (_waccess(root.path, F_OK) == 0 && root.len > 5) {
+ if (_waccess(root.path, F_OK) == 0 && root.len > 5 && (root.len - 4 + wcslen(subdir) < MAX_PATH)) {
/* replace "bin\\" or "cmd\\" with subdir */
wcscpy(&root.path[root.len - 4], subdir);
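Review bot: The new bound in the `if` only protects the second copy, `wcscpy(&root.path[root.len - 4], subdir);`, while the context line just above it, `wcscpy(&root.path[root.len], gitexe);`, still writes into the same buffer with no length check visible in this hunk. Unless `root.len + wcslen(gitexe)` is already bounded before this point, that copy needs the same guard, and it has to run before the `_waccess` call rather than as part of it. The comparison also hard-codes `MAX_PATH` as the capacity of `root.path`, which the hunk does not show; deriving the limit from the array itself would keep the check correct if the buffer size ever changes. When the check fails, the candidate path is skipped silently, so a short comment saying that over-long results are ignored on purpose would help the next reader.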