-
Show log
Commit
-
Hash : a9f1ca09
Author :
Date : 2018-08-09T11:01:00
smart_pkt: fix buffer overflow when parsing "ok" packets There are two different buffer overflows present when parsing "ok" packets. First, we never verify whether the line already ends after "ok", but directly go ahead and also try to skip the expected space after "ok". Second, we then go ahead and use `strchr` to scan for the terminating newline character. But in case where the line isn't terminated correctly, this can overflow the line buffer. Fix the issues by using `git__prefixncmp` to check for the "ok " prefix and only checking for a trailing '\n' instead of using `memchr`. This also fixes the issue of us always requiring a trailing '\n'. Reported by oss-fuzz, issue 9749: Crash Type: Heap-buffer-overflow READ {*} Crash Address: 0x6310000389c0 Crash State: ok_pkt git_pkt_parse_line git_smart__store_refs Sanitizer: address (ASAN)
-
Files
- CMakeLists.txt
- alloc.c
- alloc.h
- annotated_commit.c
- annotated_commit.h
- apply.c
- apply.h
- array.h
- attr.c
- attr.h
- attr_file.c
- attr_file.h
- attrcache.c
- attrcache.h
- bitvec.h
- blame.c
- blame.h
- blame_git.c
- blame_git.h
- blob.c
- blob.h
- branch.c
- branch.h
- buf_text.c
- buf_text.h
- buffer.c
- buffer.h
- cache.c
- cache.h
- cc-compat.h
- checkout.c
- checkout.h
- cherrypick.c
- clone.c
- clone.h
- commit.c
- commit.h
- commit_list.c
- commit_list.h
- common.h
- config.c
- config.h
- config_backend.h
- config_cache.c
- config_entries.c
- config_entries.h
- config_file.c
- config_mem.c
- config_parse.c
- config_parse.h
- crlf.c
- date.c
- delta.c
- delta.h
- describe.c
- diff.c
- diff.h
- diff_driver.c
- diff_driver.h
- diff_file.c
- diff_file.h
- diff_generate.c
- diff_generate.h
- diff_parse.c
- diff_parse.h
- diff_print.c
- diff_stats.c
- diff_tform.c
- diff_tform.h
- diff_xdiff.c
- diff_xdiff.h
- errors.c
- features.h.in
- fetch.c
- fetch.h
- fetchhead.c
- fetchhead.h
- filebuf.c
- filebuf.h
- fileops.c
- fileops.h
- filter.c
- filter.h
- fnmatch.c
- fnmatch.h
- global.c
- global.h
- graph.c
- hash.c
- hash.h
- hash/
- hashsig.c
- ident.c
- idxmap.c
- idxmap.h
- ignore.c
- ignore.h
- index.c
- index.h
- indexer.c
- indexer.h
- integer.h
- iterator.c
- iterator.h
- khash.h
- mailmap.c
- mailmap.h
- map.h
- merge.c
- merge.h
- merge_driver.c
- merge_driver.h
- merge_file.c
- message.c
- message.h
- mwindow.c
- mwindow.h
- netops.c
- netops.h
- notes.c
- notes.h
- object.c
- object.h
- object_api.c
- odb.c
- odb.h
- odb_loose.c
- odb_mempack.c
- odb_pack.c
- offmap.c
- offmap.h
- oid.c
- oid.h
- oidarray.c
- oidarray.h
- oidmap.c
- oidmap.h
- pack-objects.c
- pack-objects.h
- pack.c
- pack.h
- parse.c
- parse.h
- patch.c
- patch.h
- patch_generate.c
- patch_generate.h
- patch_parse.c
- patch_parse.h
- path.c
- path.h
- pathspec.c
- pathspec.h
- pool.c
- pool.h
- posix.c
- posix.h
- pqueue.c
- pqueue.h
- proxy.c
- proxy.h
- push.c
- push.h
- rebase.c
- refdb.c
- refdb.h
- refdb_fs.c
- refdb_fs.h
- reflog.c
- reflog.h
- refs.c
- refs.h
- refspec.c
- refspec.h
- remote.c
- remote.h
- repo_template.h
- repository.c
- repository.h
- reset.c
- revert.c
- revparse.c
- revwalk.c
- revwalk.h
- settings.c
- sha1_lookup.c
- sha1_lookup.h
- signature.c
- signature.h
- sortedcache.c
- sortedcache.h
- stash.c
- status.c
- status.h
- stdalloc.c
- stdalloc.h
- stream.h
- streams/
- strmap.c
- strmap.h
- strnlen.h
- submodule.c
- submodule.h
- sysdir.c
- sysdir.h
- tag.c
- tag.h
- thread-utils.c
- thread-utils.h
- trace.c
- trace.h
- trailer.c
- transaction.c
- transaction.h
- transport.c
- transports/
- tree-cache.c
- tree-cache.h
- tree.c
- tree.h
- tsort.c
- unix/
- userdiff.h
- util.c
- util.h
- varint.c
- varint.h
- vector.c
- vector.h
- win32/
- worktree.c
- worktree.h
- xdiff/
- zstream.c
- zstream.h
-
Properties
-
Git HTTP https://git.kmx.io/thodg/libgit2.git Git SSH git@git.kmx.io:thodg/libgit2.git Public access ? public Description Users
Tags - v1.5.0
- v1.4.4
- v1.4.3
- v1.4.2
- v1.4.1
- v1.4.0
- v1.3.2
- v1.3.1
- v1.3.0
- v1.2.0
- v1.1.1
- v1.1.0
- v1.0.1
- v1.0.0
- v0.99.0
- v0.8.0
- v0.3.0
- v0.28.5
- v0.28.4
- v0.28.3
- v0.28.2
- v0.28.1
- v0.28.0-rc1
- v0.28.0
- v0.27.9
- v0.27.8
- v0.27.7
- v0.27.6
- v0.27.5
- v0.27.4
- v0.27.3
- v0.27.2
- v0.27.10
- v0.27.1
- v0.27.0-rc3
- v0.27.0-rc2
- v0.27.0-rc1
- v0.27.0
- v0.26.8
- v0.26.7
- v0.26.6
- v0.26.5
- v0.26.4
- v0.26.3
- v0.26.2
- v0.26.1
- v0.26.0-rc2
- v0.26.0-rc1
- v0.26.0
- v0.25.1
- v0.25.0-rc2
- v0.25.0-rc1
- v0.25.0
- v0.24.6
- v0.24.5
- v0.24.4
- v0.24.3
- v0.24.2
- v0.24.1
- v0.24.0-rc1
- v0.24.0
- v0.23.4
- v0.23.3
- v0.23.2
- v0.23.1
- v0.23.0-rc2
- v0.23.0-rc1
- v0.23.0
- v0.22.3
- v0.22.2
- v0.22.1
- v0.22.0-rc2
- v0.22.0-rc1
- v0.22.0
- v0.21.5
- v0.21.4
- v0.21.3
- v0.21.2
- v0.21.1
- v0.21.0-rc2
- v0.21.0-rc1
- v0.21.0
- v0.20.0
- v0.2.0
- v0.19.0
- v0.18.0
- v0.17.0
- v0.16.0
- v0.15.0
- v0.14.0
- v0.13.0
- v0.12.0
- v0.11.0
- v0.10.0
- v0.1.0