core: Preemptively error out on paths longer than PATH_MAX

Just noticed this while thinking like an attacker.

diff --git a/src/libotutil/ot-unix-utils.c b/src/libotutil/ot-unix-utils.c
index e7357d761f48442b4222282bb481f2341944e11e..f07facb3fd7aa6601e9c2f455393b289efcb35f4 100644 (file)
--- a/src/libotutil/ot-unix-utils.c
+++ b/src/libotutil/ot-unix-utils.c
@@ -132,6 +132,13 @@ ot_util_path_split_validate (const char *path,
   GPtrArray *ret_components = NULL;
   int i;
 
+  if (strlen (path) > PATH_MAX)
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                   "Path '%s' is too long", path);
+      goto out;
+    }
+
   ret_components = ot_split_string_ptrarray (path, '/');
 
   /* Canonicalize by removing '.' and '', throw an error on .. */