commit 99b94ad7a7280ebcb23a103b28c81900bbe250ee
from: Omar Polo <op@omarpolo.com>
date: Mon Jun 13 20:30:09 2022 UTC

got patch: ensure new and old paths are NUL-terminated

commit - eb7b30a1caf056832bec7619ececf88efa18f6bd
commit + 99b94ad7a7280ebcb23a103b28c81900bbe250ee
blob - 5567c9d7af0b485bd3e050850d053f429d2f1fb1
blob + 8555dfbb15f6eeaf0b1eaf4aada31bf6675208b9
--- lib/patch.c
+++ lib/patch.c
@@ -175,6 +175,12 @@ recv_patch(struct imsgbuf *ibuf, int *done, struct got
 		goto done;
 	}
 	memcpy(&patch, imsg.data, sizeof(patch));
+
+	if (patch.old[sizeof(patch.old)-1] != '\0' ||
+	    patch.new[sizeof(patch.new)-1] != '\0') {
+		err = got_error(GOT_ERR_PRIVSEP_LEN);
+		goto done;
+	}
 
 	/* automatically set strip=1 for git-style diffs */
 	if (strip == -1 && patch.git &&