diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-07-14 03:09:27 +0000 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-07-14 03:09:27 +0000 |
commit | 93a2c3305190ca87cc1a6c98868c251ef67c3f37 (patch) | |
tree | 9d38211667459409b313c223086439b01489e440 | |
parent | c3b5b5f648d953307672a4b30e9222787668f708 (diff) | |
download | cgit-93a2c3305190ca87cc1a6c98868c251ef67c3f37.tar cgit-93a2c3305190ca87cc1a6c98868c251ef67c3f37.tar.gz cgit-93a2c3305190ca87cc1a6c98868c251ef67c3f37.zip |
auth-filter: do not write more than we've read
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | cgit.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -659,13 +659,13 @@ static inline void open_auth_filter(const char *function) static inline void authenticate_post(void) { char buffer[MAX_AUTHENTICATION_POST_BYTES]; - unsigned int len; + ssize_t len; open_auth_filter("authenticate-post"); len = ctx.env.content_length; if (len > MAX_AUTHENTICATION_POST_BYTES) len = MAX_AUTHENTICATION_POST_BYTES; - if (read(STDIN_FILENO, buffer, len) < 0) + if ((len = read(STDIN_FILENO, buffer, len)) < 0) die_errno("Could not read POST from stdin"); if (write(STDOUT_FILENO, buffer, len) < 0) die_errno("Could not write POST to stdout"); |