smart_pkt: fix buffer overflow when parsing "unpack" packets When checking whether an "unpack" packet returned the "ok" status or not, we use a call to `git__prefixcmp`. In case where the passed line isn't properly NUL terminated, though, this may overrun the line buffer. Fix this by using `git__prefixncmp` instead.
diff --git a/src/transports/smart_pkt.c b/src/transports/smart_pkt.c
index 3b145f8..a19b226 100644
--- a/src/transports/smart_pkt.c
+++ b/src/transports/smart_pkt.c
@@ -350,13 +350,11 @@ static int unpack_pkt(git_pkt **out, const char *line, size_t len)
{
git_pkt_unpack *pkt;
- GIT_UNUSED(len);
-
pkt = git__malloc(sizeof(*pkt));
GITERR_CHECK_ALLOC(pkt);
-
pkt->type = GIT_PKT_UNPACK;
- if (!git__prefixcmp(line, "unpack ok"))
+
+ if (!git__prefixncmp(line, len, "unpack ok"))
pkt->unpack_ok = 1;
else
pkt->unpack_ok = 0;