Commit 5fabaca8 by Patrick Steinhardt

smart_pkt: fix buffer overflow when parsing "unpack" packets

When checking whether an "unpack" packet returned the "ok" status or
not, we use a call to `git__prefixcmp`. In case where the passed line
isn't properly NUL terminated, though, this may overrun the line buffer.
Fix this by using `git__prefixncmp` instead.
parent b5ba7af2
......@@ -350,13 +350,11 @@ static int unpack_pkt(git_pkt **out, const char *line, size_t len)
{
git_pkt_unpack *pkt;
GIT_UNUSED(len);
pkt = git__malloc(sizeof(*pkt));
GITERR_CHECK_ALLOC(pkt);
pkt->type = GIT_PKT_UNPACK;
if (!git__prefixcmp(line, "unpack ok"))
if (!git__prefixncmp(line, len, "unpack ok"))
pkt->unpack_ok = 1;
else
pkt->unpack_ok = 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment