Bug#825698: cvsps: crashes on file name as module name
Package: cvsps
Version: 2.1-7
Tags: patch
Hi,
cvsps crashes whenever it is passed a file name as the module name.
Attached patch makes it bail out instead.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Index: cvsps-2.1/cvsps.c
===================================================================
--- cvsps-2.1.orig/cvsps.c
+++ cvsps-2.1/cvsps.c
@@ -1118,6 +1118,11 @@ static CvsFile * parse_file(const char *
ok:
path_ok = 1;
+ if (strip_path_len > len) {
+ debug(DEBUG_APPMSG1, "WARNING: given path looks like a file, strip_path_len shouldn't be greater than len");
+ return NULL;
+ }
+
/* remove from beginning the 'strip_path' string */
len -= strip_path_len;
memmove(fn, fn + strip_path_len, len);
Reply to: