Commit aae89534961cdb7b445be890a056b67c5d18547f
2016-10-09T12:51:48
Merge pull request #3956 from pks-t/pks/object-parsing-hardening Object parsing hardening
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
diff --git a/src/commit.c b/src/commit.c
index 99a8085..76e6dcb 100644
--- a/src/commit.c
+++ b/src/commit.c
@@ -459,10 +459,11 @@ int git_commit__parse(void *_commit, git_odb_object *odb_obj)
buffer = buffer_start + header_len + 1;
/* extract commit message */
- if (buffer <= buffer_end) {
+ if (buffer <= buffer_end)
commit->raw_message = git__strndup(buffer, buffer_end - buffer);
- GITERR_CHECK_ALLOC(commit->raw_message);
- }
+ else
+ commit->raw_message = git__strdup("");
+ GITERR_CHECK_ALLOC(commit->raw_message);
return 0;
diff --git a/src/tree.c b/src/tree.c
index 5db2446..6008a95 100644
--- a/src/tree.c
+++ b/src/tree.c
@@ -447,7 +447,12 @@ int git_tree__parse(void *_tree, git_odb_object *odb_obj)
if ((nul = memchr(buffer, 0, buffer_end - buffer)) == NULL)
return tree_error("Failed to parse tree. Object is corrupted", NULL);
- filename_len = nul - buffer;
+ if ((filename_len = nul - buffer) == 0)
+ return tree_error("Failed to parse tree. Can't parse filename", NULL);
+
+ if ((buffer_end - (nul + 1)) < GIT_OID_RAWSZ)
+ return tree_error("Failed to parse tree. Can't parse OID", NULL);
+
/* Allocate the entry */
{
entry = git_array_alloc(tree->entries);