Commit 54d1a70f7c4cc24dd91d7f73a5fbd5aa6f6f97d9

Stefan Sperling 2020-03-18T16:11:31

verify that length string read from packet contains hex digits only

diff --git a/libexec/got-fetch-pack/got-fetch-pack.c b/libexec/got-fetch-pack/got-fetch-pack.c
index 8ce243b..d6afe7d 100644
--- a/libexec/got-fetch-pack/got-fetch-pack.c
+++ b/libexec/got-fetch-pack/got-fetch-pack.c
@@ -99,7 +99,7 @@ readpkt(int *outlen, int fd, char *buf, int nbuf)
 	char lenstr[5];
 	long len;
 	char *e;
-	int n;
+	int n, i;
 	ssize_t r;
 
 	*outlen = 0;
@@ -111,6 +111,10 @@ readpkt(int *outlen, int fd, char *buf, int nbuf)
 		return got_error(GOT_ERR_IO);
 
 	lenstr[4] = '\0';
+	for (i = 0; i < 4; i++) {
+		if (!isxdigit(lenstr[i]))
+			return got_error(GOT_ERR_BAD_PACKET);
+	}
 	errno = 0;
 	len = strtol(lenstr, &e, 16);
 	if (lenstr[0] == '\0' || *e != '\0')
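Review bot: `isxdigit(lenstr[i])` in the added loop passes a plain `char` taken from the packet's length field. Where `char` is signed, a byte of 0x80 or above becomes a negative argument, which is undefined behaviour for the `<ctype.h>` classification functions, so the check meant to reject malformed input can itself misbehave on it. Cast at the call: `if (!isxdigit((unsigned char)lenstr[i]))`. The diff does not show an `#include <ctype.h>` being added, so it is worth confirming the file already has one. readpkt's body starts and ends outside the hunk.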