verify total size vs header length in got-read-blob
diff --git a/libexec/got-read-blob/got-read-blob.c b/libexec/got-read-blob/got-read-blob.c
index bcd6bb4..d795af6 100644
--- a/libexec/got-read-blob/got-read-blob.c
+++ b/libexec/got-read-blob/got-read-blob.c
@@ -147,6 +147,11 @@ main(int argc, char *argv[])
if (err)
goto done;
+ if (size < obj->hdrlen) {
+ err = got_error(GOT_ERR_BAD_OBJ_HDR);
+ goto done;
+ }
+
err = got_privsep_send_blob(&ibuf, size, obj->hdrlen);
done:
if (f)
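Review bot: The new guard in front of got_privsep_send_blob() has no comment explaining why size must be at least obj->hdrlen, and it only enforces a lower bound. Presumably the receiving side derives the blob's content length by subtracting hdrlen from size, so a smaller size would wrap around; a comment such as `/* inflated data must contain at least the object header */` would record that intent. If obj also carries the declared content size (not visible in this hunk), comparing size against hdrlen plus that value would reject truncated or over-long objects too, not only those shorter than their header. main()'s body starts and ends outside the hunk, so how size is produced should be confirmed against the full file.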