Commit 600ceadd1426b874ae0618651210a690a68b27e9
2018-10-18T11:29:06
index: avoid out-of-bounds read when reading reuc entry stage We use `git__strtol64` to parse file modes of the index entries, which does not limit the parsed buffer length. As the index can be essentially treated as "untrusted" in that the data stems from the file system, it may be misformatted and may not contain terminating `NUL` bytes. This may lead to out-of-bounds reads when trying to parse index entries with such malformatted modes. Fix the issue by using `git__strntol64` instead.
diff --git a/src/index.c b/src/index.c
index 465efaa..8858d23 100644
--- a/src/index.c
+++ b/src/index.c
@@ -2243,7 +2243,7 @@ static int read_reuc(git_index *index, const char *buffer, size_t size)
for (i = 0; i < 3; i++) {
int64_t tmp;
- if (git__strtol64(&tmp, buffer, &endptr, 8) < 0 ||
+ if (git__strntol64(&tmp, buffer, size, &endptr, 8) < 0 ||
!endptr || endptr == buffer || *endptr ||
tmp < 0 || tmp > UINT32_MAX) {
index_entry_reuc_free(lost);