Commit 5c0d1100 by Patrick Steinhardt

smart_pkt: explicitly avoid integer overflows when parsing packets

When parsing data, progress or error packets, we need to copy the
contents of the rest of the current packet line into the flex-array of
the parsed packet. To keep track of this array's length, we then assign
the remaining length of the packet line to the structure. We do have a
mismatch of types here, as the structure's `len` field is a signed
integer, while the length that we are assigning has type `size_t`.

On nearly all platforms, this shouldn't pose any problems at all. The
line length can at most be 16^4, as the line's length is being encoded
by exactly four hex digits. But on a platforms with 16 bit integers,
this assignment could cause an overflow. While such platforms will
probably only exist in the embedded ecosystem, we still want to avoid
this potential overflow. Thus, we now simply change the structure's
`len` member to be of type `size_t` to avoid any integer promotion.

(cherry picked from commit 40fd84cc)
parent 20e58aac
...@@ -91,7 +91,7 @@ typedef struct { ...@@ -91,7 +91,7 @@ typedef struct {
typedef struct { typedef struct {
git_pkt_type type; git_pkt_type type;
int len; size_t len;
char data[GIT_FLEX_ARRAY]; char data[GIT_FLEX_ARRAY];
} git_pkt_data; } git_pkt_data;
...@@ -99,7 +99,7 @@ typedef git_pkt_data git_pkt_progress; ...@@ -99,7 +99,7 @@ typedef git_pkt_data git_pkt_progress;
typedef struct { typedef struct {
git_pkt_type type; git_pkt_type type;
int len; size_t len;
char error[GIT_FLEX_ARRAY]; char error[GIT_FLEX_ARRAY];
} git_pkt_err; } git_pkt_err;
......
...@@ -118,9 +118,9 @@ static int err_pkt(git_pkt **out, const char *line, size_t len) ...@@ -118,9 +118,9 @@ static int err_pkt(git_pkt **out, const char *line, size_t len)
GITERR_CHECK_ALLOC_ADD(&alloclen, alloclen, 1); GITERR_CHECK_ALLOC_ADD(&alloclen, alloclen, 1);
pkt = git__malloc(alloclen); pkt = git__malloc(alloclen);
GITERR_CHECK_ALLOC(pkt); GITERR_CHECK_ALLOC(pkt);
pkt->type = GIT_PKT_ERR; pkt->type = GIT_PKT_ERR;
pkt->len = (int)len; pkt->len = len;
memcpy(pkt->error, line, len); memcpy(pkt->error, line, len);
pkt->error[len] = '\0'; pkt->error[len] = '\0';
...@@ -142,7 +142,7 @@ static int data_pkt(git_pkt **out, const char *line, size_t len) ...@@ -142,7 +142,7 @@ static int data_pkt(git_pkt **out, const char *line, size_t len)
GITERR_CHECK_ALLOC(pkt); GITERR_CHECK_ALLOC(pkt);
pkt->type = GIT_PKT_DATA; pkt->type = GIT_PKT_DATA;
pkt->len = (int) len; pkt->len = len;
memcpy(pkt->data, line, len); memcpy(pkt->data, line, len);
*out = (git_pkt *) pkt; *out = (git_pkt *) pkt;
...@@ -163,7 +163,7 @@ static int sideband_progress_pkt(git_pkt **out, const char *line, size_t len) ...@@ -163,7 +163,7 @@ static int sideband_progress_pkt(git_pkt **out, const char *line, size_t len)
GITERR_CHECK_ALLOC(pkt); GITERR_CHECK_ALLOC(pkt);
pkt->type = GIT_PKT_PROGRESS; pkt->type = GIT_PKT_PROGRESS;
pkt->len = (int) len; pkt->len = len;
memcpy(pkt->data, line, len); memcpy(pkt->data, line, len);
*out = (git_pkt *) pkt; *out = (git_pkt *) pkt;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment