commit 3e9a56b5bba8e25189ba076c2c3d6fd0b56a6446
from: Omar Polo <op@omarpolo.com>
via: Thomas Adam <thomas@xteddy.org>
date: Thu Dec 01 17:59:30 2022 UTC

gotwebd: provide maximum value for the description and cloneurl

ok stsp@

commit - cd9fd5e0d5b8c88463511594445afdee1f2d440b
commit + 3e9a56b5bba8e25189ba076c2c3d6fd0b56a6446
blob - 0d5b5d02ed12354ca23abd24c00201f2ee3648f9
blob + eeea44e44f4b9158e6d0d1e02f17d92e371b2dd7
--- gotwebd/gotweb.c
+++ gotwebd/gotweb.c
@@ -2511,8 +2511,8 @@ gotweb_get_repo_description(char **description, struct
 	}
 
 	len = sb.st_size;
-	if (len > SIZE_MAX - 1)
-		len = SIZE_MAX - 1;
+	if (len > GOTWEBD_MAXDESCRSZ - 1)
+		len = GOTWEBD_MAXDESCRSZ - 1;
 
 	*description = calloc(len + 1, sizeof(**description));
 	if (*description == NULL) {
@@ -2557,8 +2557,8 @@ gotweb_get_clone_url(char **url, struct server *srv, c
 	}
 
 	len = sb.st_size;
-	if (len > SIZE_MAX - 1)
-		len = SIZE_MAX - 1;
+	if (len > GOTWEBD_MAXCLONEURLSZ - 1)
+		len = GOTWEBD_MAXCLONEURLSZ - 1;
 
 	*url = calloc(len + 1, sizeof(**url));
 	if (*url == NULL) {
blob - 0a9217f7fb5cc2256686d1d01c59b69e5f96d4ad
blob + 14426b3f4ad9787e7876dc233211e8fb8875cab6
--- gotwebd/gotwebd.h
+++ gotwebd/gotwebd.h
@@ -39,6 +39,8 @@
 
 #define GOTWEBD_USER		 "www"
 
+#define GOTWEBD_MAXDESCRSZ	 1024
+#define GOTWEBD_MAXCLONEURLSZ	 1024
 #define GOTWEBD_CACHESIZE	 1024
 #define GOTWEBD_MAXCLIENTS	 1024
 #define GOTWEBD_MAXTEXT		 511