Commit 9fa5181270fbedcfc50c8aaaac50a4aec0fd1dbd

Stefan Sperling 2020-03-18T16:11:32

check pack file header in fetch_pack()

diff --git a/libexec/got-fetch-pack/got-fetch-pack.c b/libexec/got-fetch-pack/got-fetch-pack.c
index b1b439e..40fbe8e 100644
--- a/libexec/got-fetch-pack/got-fetch-pack.c
+++ b/libexec/got-fetch-pack/got-fetch-pack.c
@@ -514,6 +514,7 @@ fetch_pack(int fd, int packfd, struct got_object_id *packid,
 	struct got_pathlist_head symrefs;
 	struct got_pathlist_entry *pe;
 	int have_sidebands = 0;
+	uint32_t nobjects = 0;
 
 	TAILQ_INIT(&symrefs);
 
@@ -736,6 +737,32 @@ fetch_pack(int fd, int packfd, struct got_object_id *packid,
 				break;
 		}
 
+		/* Check pack file header. */
+		if (nobjects == 0) {
+			struct got_packfile_hdr *hdr = (void *)buf;
+			if (r < sizeof(*hdr)) {
+				err = got_error_msg(GOT_ERR_BAD_PACKFILE,
+				    "short packfile header");
+				goto done;
+			}
+			if (hdr->signature != htobe32(GOT_PACKFILE_SIGNATURE)) {
+				err = got_error_msg(GOT_ERR_BAD_PACKFILE,
+				    "bad packfile signature");
+				goto done;
+			}
+			if (hdr->version != htobe32(GOT_PACKFILE_VERSION)) {
+				err = got_error_msg(GOT_ERR_BAD_PACKFILE,
+				    "bad packfile version");
+				goto done;
+			}
+			nobjects = betoh32(hdr->nobjects);
+			if (nobjects == 0) {
+				err = got_error_msg(GOT_ERR_BAD_PACKFILE,
+				    "bad packfile with zero objects");
+				goto done;
+			}
+		}
+
 		/* Write packfile data to temporary pack file. */
 		w = write(packfd, buf, r);
 		if (w == -1) {