commit ca357dd90579bd69da583a03adbb873b320e7c79
from: Omar Polo <op@omarpolo.com>
via: Thomas Adam <thomas@xteddy.org>
date: Thu Jun 23 14:09:34 2022 UTC

got patch: ensure new and old paths are NUL-terminated

commit - eee80a61bfd69cf6fe6683d587d454fa4aaec936
commit + ca357dd90579bd69da583a03adbb873b320e7c79
blob - a1a6e6cc16f5af1f3f7f634010c8ae050814f186
blob + b5c27042841610fc959ed00b6037fbdb22a9237e
--- lib/patch.c
+++ lib/patch.c
@@ -172,6 +172,12 @@ recv_patch(struct imsgbuf *ibuf, int *done, struct got
 		goto done;
 	}
 	memcpy(&patch, imsg.data, sizeof(patch));
+
+	if (patch.old[sizeof(patch.old)-1] != '\0' ||
+	    patch.new[sizeof(patch.new)-1] != '\0') {
+		err = got_error(GOT_ERR_PRIVSEP_LEN);
+		goto done;
+	}
 
 	/* automatically set strip=1 for git-style diffs */
 	if (strip == -1 && patch.git &&