odb: verify hashes in read_prefix_1 While the function reading an object from the complete OID already verifies OIDs, we do not yet do so for reading objects from a partial OID. Do so when strict OID verification is enabled.
diff --git a/src/odb.c b/src/odb.c
index e871147..3090cca 100644
--- a/src/odb.c
+++ b/src/odb.c
@@ -1146,6 +1146,18 @@ static int read_prefix_1(git_odb_object **out, git_odb *db,
if (!found)
return GIT_ENOTFOUND;
+ if (git_odb__strict_hash_verification) {
+ git_oid hash;
+
+ if ((error = git_odb_hash(&hash, raw.data, raw.len, raw.type)) < 0)
+ goto out;
+
+ if (!git_oid_equal(&found_full_oid, &hash)) {
+ error = git_odb__error_mismatch(&found_full_oid, &hash);
+ goto out;
+ }
+ }
+
if ((object = odb_object__alloc(&found_full_oid, &raw)) == NULL)
goto out;