aboutsummaryrefslogtreecommitdiffstats
path: root/cgit.c
diff options
context:
space:
mode:
authorJason A. Donenfeld2018-07-14 05:09:27 +0200
committerJason A. Donenfeld2018-07-14 05:09:27 +0200
commit93a2c3305190ca87cc1a6c98868c251ef67c3f37 (patch)
tree9d38211667459409b313c223086439b01489e440 /cgit.c
parentc3b5b5f648d953307672a4b30e9222787668f708 (diff)
downloadcgit-93a2c3305190ca87cc1a6c98868c251ef67c3f37.tar.gz
cgit-93a2c3305190ca87cc1a6c98868c251ef67c3f37.tar.bz2
cgit-93a2c3305190ca87cc1a6c98868c251ef67c3f37.zip
auth-filter: do not write more than we've read
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'cgit.c')
-rw-r--r--cgit.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/cgit.c b/cgit.c
index e2d7891..fda0aa4 100644
--- a/cgit.c
+++ b/cgit.c
@@ -659,13 +659,13 @@ static inline void open_auth_filter(const char *function)
659static inline void authenticate_post(void) 659static inline void authenticate_post(void)
660{ 660{
661 char buffer[MAX_AUTHENTICATION_POST_BYTES]; 661 char buffer[MAX_AUTHENTICATION_POST_BYTES];
662 unsigned int len; 662 ssize_t len;
663 663
664 open_auth_filter("authenticate-post"); 664 open_auth_filter("authenticate-post");
665 len = ctx.env.content_length; 665 len = ctx.env.content_length;
666 if (len > MAX_AUTHENTICATION_POST_BYTES) 666 if (len > MAX_AUTHENTICATION_POST_BYTES)
667 len = MAX_AUTHENTICATION_POST_BYTES; 667 len = MAX_AUTHENTICATION_POST_BYTES;
668 if (read(STDIN_FILENO, buffer, len) < 0) 668 if ((len = read(STDIN_FILENO, buffer, len)) < 0)
669 die_errno("Could not read POST from stdin"); 669 die_errno("Could not read POST from stdin");
670 if (write(STDOUT_FILENO, buffer, len) < 0) 670 if (write(STDOUT_FILENO, buffer, len) < 0)
671 die_errno("Could not write POST to stdout"); 671 die_errno("Could not write POST to stdout");