From 3ecad6fd4f17e64b78b0a8c583ad8568e66dec00 Mon Sep 17 00:00:00 2001
From: Chris Dunlop
Date: Mon, 12 Dec 2011 13:33:41 +1100
Subject: [PATCH] Fix overflow of 'hash' buffer

The text version of the hash requires an extra character for the '/' and another for the trailing null. Note: the original overflow is non-exploitable as it harmlessly overwrites the following dst variable with a null just before using asprintf() to set the dst variable again.

Signed-off-by: Chris Dunlop
---
 hashlink.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hashlink.c b/hashlink.c
index 15e2a73..12cc39b 100644
--- a/hashlink.c
+++ b/hashlink.c
@@ -26,7 +26,7 @@ extern char *link_by_hash_dir;
 char *make_hash_name(struct file_struct *file)
 {
- char hash[33], *dst;
+ char hash[(MAX_DIGEST_LEN * 2) + 2], *dst;
 uchar c, *src = (uchar*)F_SUM(file);
 int i;
-- 
1.7.0.4
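Review bot: The new size `(MAX_DIGEST_LEN * 2) + 2` is unexplained at the declaration in make_hash_name, and the code that fills `hash` lies outside this hunk, so the bound can only be checked against the commit message. I would put the reasoning beside the array, for example `char hash[(MAX_DIGEST_LEN * 2) + 2], *dst; /* 2 hex chars per digest byte, plus '/' and NUL */`. If the fill loop uses a fixed count or a runtime checksum length rather than MAX_DIGEST_LEN, it presumably still needs its own limit tied to this size, otherwise a later change to the digest or to the path layout can reintroduce the overrun. The commit message's claim that the old overrun was harmless depends on `dst` sitting directly after `hash` on the stack, which the compiler does not guarantee.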