thodg/got

Browse

Commit 0e6ab4b2dda12fd56fa5ccb1cb3ff1aa12876891

Stefan Sperling 2022-03-10T09:23:19

make got_repo_match_object_id_prefix() reject overlong input strings suggested by + ok naddy 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

diff --git a/lib/repository.c b/lib/repository.c
index 8885743..d417554 100644
--- a/lib/repository.c
+++ b/lib/repository.c
@@ -1671,13 +1671,16 @@ got_repo_match_object_id_prefix(struct got_object_id **id,
 
 	*id = NULL;
 
-	for (i = 0; i < strlen(id_str_prefix); i++) {
+	len = strlen(id_str_prefix);
+	if (len > SHA1_DIGEST_STRING_LENGTH - 1)
+		return got_error_path(id_str_prefix, GOT_ERR_BAD_OBJ_ID_STR);
+
+	for (i = 0; i < len; i++) {
 		if (isxdigit((unsigned char)id_str_prefix[i]))
 			continue;
 		return got_error_path(id_str_prefix, GOT_ERR_BAD_OBJ_ID_STR);
 	}
 
-	len = strlen(id_str_prefix);
 	if (len >= 2) {
 		err = match_packed_object(id, repo, id_str_prefix, obj_type);
 		if (err)
kmx.io     mail     discord kmxgit v0.4.0