Commit 8991a328535f89f3f2257269f5c2d3fcec8bda69
2021-08-26T07:08:48
add a missing bounds-check in got-fetch-pack when parsing server response The tokenize_refline() function could end up reading past the end of the buffer if the refline is not terminated with whitespace or \0.
diff --git a/libexec/got-fetch-pack/got-fetch-pack.c b/libexec/got-fetch-pack/got-fetch-pack.c
index d3181d5..7666d8a 100644
--- a/libexec/got-fetch-pack/got-fetch-pack.c
+++ b/libexec/got-fetch-pack/got-fetch-pack.c
@@ -294,7 +294,7 @@ tokenize_refline(char **tokens, char *line, int len, int maxtokens)
n++;
}
p = line;
- while (*line != '\0' &&
+ while (*line != '\0' && n < len &&
(!isspace(*line) || i == maxtokens - 1)) {
line++;
n++;