Commit 5fabaca801e1f5e7a1054be612e8fabec7cd6a7f

Patrick Steinhardt 2018-08-09T11:04:42

smart_pkt: fix buffer overflow when parsing "unpack" packets

When checking whether an "unpack" packet returned the "ok" status or not, we use a call to `git__prefixcmp`. If the passed line isn't properly NUL-terminated, though, this may overrun the line buffer. Fix this by using `git__prefixncmp` instead.

diff --git a/src/transports/smart_pkt.c b/src/transports/smart_pkt.c
index 3b145f8..a19b226 100644
--- a/src/transports/smart_pkt.c
+++ b/src/transports/smart_pkt.c
@@ -350,13 +350,11 @@ static int unpack_pkt(git_pkt **out, const char *line, size_t len)
 {
 	git_pkt_unpack *pkt;
 
-	GIT_UNUSED(len);
-
 	pkt = git__malloc(sizeof(*pkt));
 	GITERR_CHECK_ALLOC(pkt);
-
 	pkt->type = GIT_PKT_UNPACK;
-	if (!git__prefixcmp(line, "unpack ok"))
+
+	if (!git__prefixncmp(line, len, "unpack ok"))
 		pkt->unpack_ok = 1;
 	else
 		pkt->unpack_ok = 0;
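Review bot: Nothing in the new code records that `line` may lack a NUL terminator, which is the invariant this fix depends on. A comment above the `git__prefixncmp` call, such as `/* line is not NUL-terminated; read at most len bytes */`, would help keep a later edit from reintroducing an unbounded string function here. The check is also still a prefix match, so any status text that merely begins with "unpack ok" is recorded as success. If only the exact token is meant to count, the length should be compared as well, allowing for a trailing newline, though the expected line format is not visible in this hunk. The body of unpack_pkt continues past the end of the hunk.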