smart_pkt: fix buffer overflow when parsing "unpack" packets

When checking whether an "unpack" packet returned the "ok" status or not, we use a call to `git__prefixcmp`. In case where the passed line isn't properly NUL terminated, though, this may overrun the line buffer. Fix this by using `git__prefixncmp` instead.

smart_pkt: fix buffer overflow when parsing "unpack" packets
When checking whether an "unpack" packet returned the "ok" status or not, we use a call to `git__prefixcmp`. In case where the passed line isn't properly NUL terminated, though, this may overrun the line buffer. Fix this by using `git__prefixncmp` instead.
5fabaca8 · Patrick Steinhardt · b5ba7af2 · 5fabaca8
Commit 5fabaca8 authored Aug 09, 2018 by Patrick Steinhardt
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 4 deletions

src/transports/smart_pkt.c
+2 -4

No files found.
--- a/src/transports/smart_pkt.c
+++ b/src/transports/smart_pkt.c
@@ -350,13 +350,11 @@ static int unpack_pkt(git_pkt **out, const char *line, size_t len)
 {
 	git_pkt_unpack *pkt;

-	GIT_UNUSED(len);
-
 	pkt = git__malloc(sizeof(*pkt));
 	GITERR_CHECK_ALLOC(pkt);
-
 	pkt->type = GIT_PKT_UNPACK;
-	if (!git__prefixcmp(line, "unpack ok"))
+
+	if (!git__prefixncmp(line, len, "unpack ok"))
 		pkt->unpack_ok = 1;
 	else
 		pkt->unpack_ok = 0;