Commit 20e58aacdc548dc8e356aef4447961269d843352

Patrick Steinhardt 2018-08-09T10:36:44

smart_pkt: honor line length when determining packet type When we parse the packet type of an incoming packet line, we do not verify that we don't overflow the provided line buffer. Fix this by using `git__prefixncmp` instead and passing in `len`. As we have previously already verified that `len <= linelen`, we thus won't ever overflow the provided buffer length. (cherry picked from commit 4a5804c983317100eed509537edc32d69c8d7aa2)

diff --git a/src/transports/smart_pkt.c b/src/transports/smart_pkt.c
index 9b7e3bc..bb79edc 100644
--- a/src/transports/smart_pkt.c
+++ b/src/transports/smart_pkt.c
@@ -459,19 +459,19 @@ int git_pkt_parse_line(
 		ret = sideband_progress_pkt(head, line, len);
 	else if (*line == GIT_SIDE_BAND_ERROR)
 		ret = sideband_error_pkt(head, line, len);
-	else if (!git__prefixcmp(line, "ACK"))
+	else if (!git__prefixncmp(line, len, "ACK"))
 		ret = ack_pkt(head, line, len);
-	else if (!git__prefixcmp(line, "NAK"))
+	else if (!git__prefixncmp(line, len, "NAK"))
 		ret = nak_pkt(head);
-	else if (!git__prefixcmp(line, "ERR "))
+	else if (!git__prefixncmp(line, len, "ERR "))
 		ret = err_pkt(head, line, len);
 	else if (*line == '#')
 		ret = comment_pkt(head, line, len);
-	else if (!git__prefixcmp(line, "ok"))
+	else if (!git__prefixncmp(line, len, "ok"))
 		ret = ok_pkt(head, line, len);
-	else if (!git__prefixcmp(line, "ng"))
+	else if (!git__prefixncmp(line, len, "ng"))
 		ret = ng_pkt(head, line, len);
-	else if (!git__prefixcmp(line, "unpack"))
+	else if (!git__prefixncmp(line, len, "unpack"))
 		ret = unpack_pkt(head, line, len);
 	else
 		ret = ref_pkt(head, line, len);