Commit b5b7c30303f75d593bba832504bdd6f13a9ccaa5

Patrick Steinhardt 2018-08-09T11:03:37

smart_pkt: fix "ng" parser accepting non-space character When parsing "ng" packets, we blindly assume that the character immediately following the "ng" prefix is a space and skip it. As the calling function doesn't make sure that this is the case, we can thus end up blindly accepting an invalid packet line. Fix the issue by using `git__prefixncmp`, checking whether the line starts with "ng ". (cherry picked from commit b5ba7af2d30c958b090dcf135749d9afe89ec703)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
diff --git a/src/transports/smart_pkt.c b/src/transports/smart_pkt.c
index c5fa338..c0a785d 100644
--- a/src/transports/smart_pkt.c
+++ b/src/transports/smart_pkt.c
@@ -306,9 +306,9 @@ static int ng_pkt(git_pkt **out, const char *line, size_t len)
 
 	eol = line + len;
 
-	if (len < 3)
+	if (git__prefixncmp(line, len, "ng "))
 		goto out_err;
-	line += 3; /* skip "ng " */
+	line += 3;
 
 	if (!(ptr = memchr(line, ' ', eol - line)))
 		goto out_err;