    Commit

  • Hash : 3db9aa6f
    Author : Patrick Steinhardt
    Date : 2018-10-18T11:32:48

    signature: avoid out-of-bounds reads when parsing signature dates
    
    We use `git__strtol64` and `git__strtol32` to parse the trailing commit
    or author date and timezone of signatures. As signatures are usually
    part of a commit or tag object and thus essentially untrusted data, the
    buffer may be misformatted and may not be `NUL` terminated. This may
    lead to an out-of-bounds read.
    
    Fix the issue by using `git__strntol64` and `git__strntol32` instead.
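
An added example, not part of the commit and not libgit2's code: a length-bounded parse of a signature's trailing date and timezone, showing why the parser must be given the buffer length instead of relying on a `NUL` terminator. The function names `parse_i64_bounded` and `parse_sig_when` are hypothetical, and the input is assumed to be exactly `<epoch seconds> <+|-HHMM>`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not libgit2's git__strntol64): parse a signed decimal
 * integer from buf[0..len) without ever dereferencing buf + len or beyond.
 * Returns 0 on success and sets *end to the first unconsumed byte. */
static int parse_i64_bounded(const char *buf, size_t len, int64_t *out, const char **end)
{
    const char *p = buf, *stop = buf + len;
    uint64_t v = 0, limit;
    int neg = 0, digits = 0;

    if (p < stop && (*p == '+' || *p == '-'))
        neg = (*p++ == '-');
    limit = neg ? (uint64_t)INT64_MAX + 1 : (uint64_t)INT64_MAX;
    for (; p < stop && *p >= '0' && *p <= '9'; p++, digits++) {
        uint64_t d = (uint64_t)(*p - '0');
        if (v > (limit - d) / 10)
            return -1; /* value would not fit in int64_t */
        v = v * 10 + d;
    }
    if (!digits)
        return -1;
    *out = neg ? (v ? -(int64_t)(v - 1) - 1 : 0) : (int64_t)v;
    *end = p;
    return 0;
}

/* Parse "<epoch> <+|-HHMM>" from a buffer that need not be NUL terminated. */
static int parse_sig_when(const char *buf, size_t len, int64_t *when, int *offset_min)
{
    const char *end, *stop = buf + len;
    int64_t tz;

    if (parse_i64_bounded(buf, len, when, &end) < 0 || end == stop || *end != ' ')
        return -1;
    end++;
    if (end == stop || (*end != '+' && *end != '-'))
        return -1;
    if (parse_i64_bounded(end, (size_t)(stop - end), &tz, &end) < 0 ||
        end != stop || tz < -1400 || tz > 1400)
        return -1;
    *offset_min = (int)(tz / 100) * 60 + (int)(tz % 100);
    return 0;
}

int main(void)
{
    /* Constructed input: a 16-byte field followed directly by unrelated digits, no NUL between. */
    const char raw[] = "1539862368 +02009999";
    int64_t when; int off;
    if (parse_sig_when(raw, 16, &when, &off) == 0)
        printf("when=%lld offset=%d min\n", (long long)when, off);
    return 0;
}
```

A terminator-based parse of the same bytes would keep consuming the adjacent `9999`; the bounded version stops at byte 16 and rejects truncated or overflowing fields.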