Commit 6f4d04b5 by Patrick Steinhardt

index: error out on unreasonable prefix-compressed path lengths

When computing the complete path length from the encoded
prefix-compressed path, we end up just allocating the complete path
without ever checking what the encoded path length actually is. This can
easily lead to a denial of service by just encoding an unreasonable long
path name inside of the index. Git already enforces a maximum path
length of 4096 bytes. As we also have that enforcement ready in some
places, just make sure that the resulting path is smaller than
GIT_PATH_MAX.

Reported-by: Krishna Ram Prakash R <krp@gtux.in>
Reported-by: Vivek Parikh <viv0411.parikh@gmail.com>
parent 6ddd286e
...@@ -2375,6 +2375,10 @@ static int read_entry( ...@@ -2375,6 +2375,10 @@ static int read_entry(
GITERR_CHECK_ALLOC_ADD(&path_len, prefix_len, suffix_len); GITERR_CHECK_ALLOC_ADD(&path_len, prefix_len, suffix_len);
GITERR_CHECK_ALLOC_ADD(&path_len, path_len, 1); GITERR_CHECK_ALLOC_ADD(&path_len, path_len, 1);
if (path_len > GIT_PATH_MAX)
return index_error_invalid("unreasonable path length");
tmp_path = git__malloc(path_len); tmp_path = git__malloc(path_len);
GITERR_CHECK_ALLOC(tmp_path); GITERR_CHECK_ALLOC(tmp_path);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment