Commit 003cbc3f by Nelson Elhage Committed by Patrick Steinhardt

Verify ref_pkt's are long enough

If the remote sends a too-short packet, we'll allow `len` to go
negative and eventually issue a malloc for <= 0 bytes on

```
pkt->head.name = git__malloc(alloclen);
```

(cherry picked from commit 437ee5a7)
parent 4385aef3
......@@ -203,6 +203,11 @@ static int ref_pkt(git_pkt **out, const char *line, size_t len)
git_pkt_ref *pkt;
size_t alloclen;
if (len < GIT_OID_HEXSZ + 1) {
giterr_set(GITERR_NET, "error parsing pkt-line");
return -1;
}
pkt = git__malloc(sizeof(git_pkt_ref));
GITERR_CHECK_ALLOC(pkt);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment