check pack file header in fetch_pack()
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
diff --git a/libexec/got-fetch-pack/got-fetch-pack.c b/libexec/got-fetch-pack/got-fetch-pack.c
index b1b439e..40fbe8e 100644
--- a/libexec/got-fetch-pack/got-fetch-pack.c
+++ b/libexec/got-fetch-pack/got-fetch-pack.c
@@ -514,6 +514,7 @@ fetch_pack(int fd, int packfd, struct got_object_id *packid,
struct got_pathlist_head symrefs;
struct got_pathlist_entry *pe;
int have_sidebands = 0;
+ uint32_t nobjects = 0;
TAILQ_INIT(&symrefs);
@@ -736,6 +737,32 @@ fetch_pack(int fd, int packfd, struct got_object_id *packid,
break;
}
+ /* Check pack file header. */
+ if (nobjects == 0) {
+ struct got_packfile_hdr *hdr = (void *)buf;
+ if (r < sizeof(*hdr)) {
+ err = got_error_msg(GOT_ERR_BAD_PACKFILE,
+ "short packfile header");
+ goto done;
+ }
+ if (hdr->signature != htobe32(GOT_PACKFILE_SIGNATURE)) {
+ err = got_error_msg(GOT_ERR_BAD_PACKFILE,
+ "bad packfile signature");
+ goto done;
+ }
+ if (hdr->version != htobe32(GOT_PACKFILE_VERSION)) {
+ err = got_error_msg(GOT_ERR_BAD_PACKFILE,
+ "bad packfile version");
+ goto done;
+ }
+ nobjects = betoh32(hdr->nobjects);
+ if (nobjects == 0) {
+ err = got_error_msg(GOT_ERR_BAD_PACKFILE,
+ "bad packfile with zero objects");
+ goto done;
+ }
+ }
+
/* Write packfile data to temporary pack file. */
w = write(packfd, buf, r);
if (w == -1) {